Recipe 10.11 Setting a Safe Default User IDProblemsendmail requires its own user ID for when it is not running as root . SolutionCheck the /etc/passwd , /etc/shadow , and /etc/ group files to see if your system has entries for the user mailnull and the group mailnull . [5] If you find mailnull entries in these files, you're done. Otherwise, add mailnull to /etc/passwd using UID and GID values that are available on your system. On our sample system, we used the following entry:
mailnull:x:65533:65533:Sendmail DefaultUser:/var/spool/mqueue:/bin/false Next, add mailnull to the /etc/group file, as in this example: mailnull:x:65533: And, if you use the /etc/shadow file, add a mailnull entry to that file. Here is an example that is compatible with the shadow file used on Red Hat Linux systems: mailnull:!!:11530:0:99999:7::: DiscussionWhen sendmail is running with root privileges, the DefaultUser option identifies the user ID and group ID that sendmail uses when it gives up root privileges. This is the UID and GID used to do such things as run mailers and other external commands. When DefaultUser is not explicitly defined in the configuration, four possible default values are available. The order in which these defaults are used is:
Use confDEF_USER_ID in the m4 master configuration file to override these default values. The master configuration file delivered with Red Hat Linux 8.0 provides an example of how the confDEF_USER_ID command is used. It contains the following: define(`confDEF_USER_ID',`8:12') This define command sets the user ID to 8 and the group ID to 12 for the DefaultUser option. These values are associated with the username mail and the groupname mail found in the /etc/passwd and /etc/group files delivered with the Red Hat Linux 8.0 system. The Red Hat configuration uses numeric UID and GID values for the confDEF_USER_ID define. However, string values are also acceptable. The following command sets exactly the same values for the Red Hat system: define(`confDEF_USER_ID',`mail:mail') This would also work: define(`confDEF_USER_ID',`mail') This works because, when the GID field is empty and the UID is a string value, the GID value defined in the /etc/passwd entry for the specified username is used. It is also possible to define the GID value separately using confDEF_GROUP_ID . However, confDEF_GROUP_ID has been deprecated and should not be used. Given all of these options for setting the DefaultUser value, it is interesting to note that not one of them is used here. Instead, we opted to use the default mailnull user ID. There are two advantages to doing so:
In fact, many Unix systems come with an entry for the user mailnull already in the /etc/passwd file. If that is the case on your system, there is no need to implement this recipe because your system is already using the DefaultUser option. A simple grep shows the mailnull entries from the /etc/passwd file and the /etc/shadow file, if they exist: # grep mailnull /etc/passwd mailnull:x:47:47::/var/spool/mqueue:/dev/null # grep mailnull /etc/shadow mailnull:!!:11267:0:99999:7::: Some Unix systems don't provide /etc/passwd and /etc/group entries for the DefaultUser option, so you will need to add them yourself. If you do add a mailnull user account, there are three characteristics of that account that you need to be aware of:
These three requirements help prevent the account from being exploited to gain unauthorized access. See AlsoRecipe 10.10 covers the RunAsUser option ”an incompatible option that is sometimes confused with the DefaultUser option. For information on the /etc/passwd , /etc/shadow , and /etc/group files see a good system administration text, such as Essential System Administration , Third Edition, by leen Frisch (O'Reilly). The sendmail book covers the DefaultUser option in Section 10.8.2.1 and Section 24.9.29. |