Subject: Re: 2.0: sendmail has wrong owner/group
To: mouss <usebsd@free.fr>
From: Frederick Bruckman <fredb@immanent.net>
List: tech-userlevel
Date: 04/19/2004 19:05:46

On Tue, 20 Apr 2004, mouss wrote:

> Frederick Bruckman wrote:
>
> > Indeed. The option is only there to permit the "traditional"
> > behavior for those who like that sort of thing.
>
> but the only reason to run sendmail is "tradition". and traditionally,
> it used to run without shouting.
>
> > IMO the comment
> > for sendmail_suidroot should say, "Don't set this unless you know
> > what you're doing!"
>
> sure, but it's also "don't run sendmail unless you know..", then you get
> "don't run ... unless", ... and then finally "don't run netbsd unless
> you know".

OK then, no more shouting.

> It's already an effort to install the stuff. If one still needs to chmod
> 73 binaries, to rm 33 files, to create 103 config files, then it's not
> netbsd, it's MasOS XXX.

You don't need to do anything like that to run sendmail. I think,
though, the sendmail_suidroot setting just gives people the wrong
idea, and that we shouldn't support or encourage that. It's quite
enough to give folks one working and secure setup by default.

For what reason would you need to run sendmail suid root? If there
is none, then we could stop all confusion by removing that option.

Frederick