Path: utzoo!utgpu!watmath!clyde!ima!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.mail.sendmail
Subject: Re: Non-root sendmail?
Message-ID: <131@minya.UUCP>
Date: 20 Nov 88 13:35:12 GMT
References: <164@heart-of-gold> <1572@valhalla.ee.rochester.edu>
Organization: (none)
Lines: 35

> obviously there is no way for a program running as user "uucp" to write
> to file that is owned by the user.
> 
> However what you say gives me an idea. What if sendmail were made set-gid
> "mail" (but not set-uid) and all mail related files, including
> /usr/spool/mail/foo were made rw by group "mail", but no user is a member
> of group "mail"? 

You just contradicted yourself! (;-)  This is how uucp runs here.  Actually,
it is setuid also, to uucp.  So are uuxqt and uusched.  Mail files are owned
by the user, are group mail and have 660 permissions.


>		This would mean, of course, that /usr/spool/mail must
> always contain a mbox for each user (since a rw file owned by user can
> only be created by the user or root,) but that is a minor hassle. Maybe a
> few hacks to make sure that /usr/spool/mail/fubar never gets deleted by any
> program.

That happens here, though it isn't necessary.  This is a Sys/V, and the
command "chown root temp" just worked for me.  Of course, temp's setuid
and setgid bits got turned off by the chown, for obvious reasons.  If
your systems doesn't allow mere users to use chown, then you'll need
some hack for creating a mailbox for new users.  Perhaps a program that
does nothing but create a mailbox, and is setuid-root.  That oughta be
simple enough that it can be verified.

Most versions of uucp mail will leave a mailbox there if it has permissions
other than 600.

-- 
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)

[Any errors in the above are due to failures in the logic of the keyboard,
not in the fingers that did the typing.]