Path: utzoo!attcan!uunet!husc6!mailrus!cornell!rochester!uhura.cc.rochester.edu!ur-valhalla!badri
From: badri@valhalla.ee.rochester.edu (Badri Lokanathan)
Newsgroups: comp.mail.sendmail
Subject: Re: Non-root sendmail?
Summary: Not as it is right now
Message-ID: <1572@valhalla.ee.rochester.edu>
Date: 11 Nov 88 18:45:59 GMT
References: <164@heart-of-gold>
Organization: UR Dept. of Electrical Engg, Rochester NY 14627
Lines: 36

In article <164@heart-of-gold>, jc@heart-of-gold (John M Chambers) writes:
> 
> Is there a way to run sendmail under a non-root id?  
> 
It may not be possible for the following reason: there is no way currently
for any other id to concatenate a new message to /usr/spool/mail/fubar,
where fubar typically has rw to owner only. If permissions were not so, then
other users could peek into fubar's mail.
>
> I'm also rather familiar with sendmail's main competitor, uucp.  It seems
> to run quite well under a mail id, and doesn't need anything setuid to root.
> In fact, it's fairly conventional to make all the programs setuid to uucp,
> or even better, setgid to mail, with all the files and directories being
> owned by uucp/mail.  Mailboxes then end up owned by the user, with group
> mail and 660 permissions, and all that, and it works just fine.
>
Which system are you talking about? If it is BSD, the final delivery of mail
is always done by a suid program and not directly by UUCP, since quite
obviously there is no way for a program running as user "uucp" to write
to file that is owned by the user.

(The postal van may be out of bounds but you can always mug the postman :-)

However what you say gives me an idea. What if sendmail were made set-gid
"mail" (but not set-uid) and all mail related files, including
/usr/spool/mail/foo were made rw by group "mail", but no user is a member
of group "mail"? This would mean, of course, that /usr/spool/mail must
always contain a mbox for each user (since a rw file owned by user can
only be created by the user or root,) but that is a minor hassle. Maybe a
few hacks to make sure that /usr/spool/mail/fubar never gets deleted by any
program.
-- 
"We will fight for the right to be free {) badri@ee.rochester.edu
 We will build our own society         //\\ {ames,cmcl2,columbia,cornell,
 And we will sing, we will sing       ///\\\ garp,harvard,ll-xn,rutgers}!
 We will sing our own song."  -UB40    _||_   rochester!ur-valhalla!badri