There are three major ways in which sendmail can be run: [33] as a set-user-id root process (that is, with the permissions of root regardless of who runs it), as a root process because it was run by root , or as an ordinary process run by an ordinary (nonprivileged) user. When sendmail is running with root privilege and when the F=S delivery agent flag is specified for a delivery agent, sendmail always invokes that delivery agent as the effective user and effective group specified by the U= delivery agent equate. [34] If the U= delivery agent equate is unspecified or is specified as zero, it runs as the effective user root . In both instances, the real user and real group IDs remain those of the recipient.
If the F=S flag is omitted from the delivery agent, the following scenarios occur:
If it fails to set its identity, it prints and logs the following error: insufficient privileges to change gid, RealGid= rgid , RunAsUid= ruid , gid= gid , egid= egid Note that this F=S flag was revised once for V8.7. Then it was revised again for V8.9, and has remained stable since. |