tech-userlevel: Re: 2.0: sendmail has wrong owner/group

Subject: Re: 2.0: sendmail has wrong owner/group
To: Hubert Feyrer <hubert@feyrer.de>
From: Andrew Brown <atatat@atatdot.net>
List: tech-userlevel
Date: 04/16/2004 23:38:00

>I want sendmail, and I trust it, so I set
>
>	sendmail=yes
>	sendmail_suidroot=yes
>
>this gives:
>
>	# sh /etc/rc.d/sendmail start
>	/etc/rc.d/sendmail: WARNING: /usr/libexec/sendmail/sendmail has wrong owner/mode
>	Starting sendmail.
>
>It indeed runs after that, but the warning is ... unexpected.
>
>	ls -la /usr/libexec/sendmail/sendmail
>	-r-x-r-s-r-x  1 root  smmsp  685398 Apr  2 20:08 /usr/libexec/sendmail/sendmail
>
>I'd exect that setting sendmail_suidroot=yes DTRT for me, and makes this
>setuid root...

it doesn't make it setuid to root, that's still your job.  the rc.d
script only tells you that it's wrong.  rc.conf(5) says:

     sendmail_suidroot
                     `YES' or `NO'.  Asserts that sendmail is being used as a
                     setuid root binary and adjusts some precmd checks accord-
                     ingly.  If this is set to `YES', you can remove the sub-
                     mit.cf file, and then turn off the smmsp process.

so i guess i oughta add something there about this, eh?

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."