Path: utzoo!utgpu!watmath!clyde!att!ucbvax!ucdavis!ccdan
From: ccdan@ucdavis.ucdavis.edu (Dan Dorough)
Newsgroups: comp.mail.sendmail
Subject: Re: Non-root sendmail?
Message-ID: <3284@ucdavis.ucdavis.edu>
Date: 16 Nov 88 05:38:53 GMT
References: <164@heart-of-gold>
Reply-To: ccdan@ucdavis.ucdavis.edu (Dan Dorough)
Organization: University of California, Davis
Lines: 34

In article <164@heart-of-gold> jc@heart-of-gold (John M Chambers) writes:
> Is there a way to run sendmail under a non-root id?  

i run sendmail under uid 1 (daemon) on some of our systems
here.  these systems include all of our 11/70s (2.9bsd) and
some of our isolated VAXen (4.3bsd, not on any TCP/IP network).
i am sure that it would be possible to run sendmail under
uid 1 on systems with TCP/IP, i just haven't had the desire
to.  with source, sendmail could easily be modified to
start up, obtain required resources, and then permanently
setuid(1).

when running non-super, several things are important.
  1) the spooling directory must be owned by the uid
     and/or gid that sendmail runs under.  sendmail must
     have permission to create and delete spooling files.
     i do this by running setgid to 1 and letting the
     group permissions on the spooling directory be "rwx".
  2) people who have turned off search ("x") permission
     on their login directories will not be able to
     use .forward files.
  3) load average checking won't work for systems that
     get load average through /dev/kmem.  (2.9bsd has
     a separate system call.)
  4) all mailers you call must be prepared to do their
     own setuid()ing, since sendmail will never start
     them as uid 0.  /bin/mail on my systems already runs
     setuid to 0, and the other mailers likewise do not
     depend on being started as 0.

i've run sendmail for a few years this way, and have had
no troubles with it.

--dan dorough, ucdavis systems programmer, ccdan@ucdavis.edu