The original question was:
> The default UID for the smtp account (or so I was told. It IS the
> UID in the boxes here, and they claim they have not been changed)
> is '0'. This UID is not one I want other than root to have.
>
> Any idea why it may be so, and what impact changing it to something
> else (and recommendations as to what the 'else' would be)?
And I've been firmly advised in opposite directions:
_______________________________________________________________________________
From fpardo@tisny.com
The 'sendmail' program needs to execute, part of the time, with root
privileges. The good news is that it changes its identity at appropriate
times, so as a rule nothing should go wrong (barring bugs in 'sendmail',
of course).
Here are the titles of two very good books that you can refer to for
more details:

    Unix System Administration Handbook (2nd ed.)
    Evi Nemeth et al.
    Prentice Hall
    ISBN 0-13-151051-7

    sendmail
    Bryan Costales et al.
    O'Reilly & Associates
    ISBN 1-56592-056-2

The impact of changing the UID will be inability to send and receive
e-mail, which I'm sure you don't want.
_______________________________________________________________________________
From rali@meitca.com
Several reasons:

1) SMTP listens on TCP port 25
   Ports numbered below 1024 can only be accessed by a process with
   root UID; this is enforced by the kernel and provides a basic
   level of trustworthiness (much less in a world that lets PeeCees
   talk TCP/IP ...)
2) In order to open a user mailbox and append new messages, the SMTP
   server must invoke the system call seteuid() and assume the
   privileges of the user.
3) In order to assure the privacy of mail in the queue directory,
   access to that directory must be restricted

Some flavours of sendmail and other SMTP servers can be run with less
privilege.

Look at:
    http://www.his.com/~brad/sendmail/ (Sendmail FAQ)
    http://www.informatik.uni-kiel.de/%7Eca/email/english.html (Sendmail hints)
for much more detail on these subjects.
_______________________________________________________________________________
From joey@q7.com
i've installed sendmail 8.7.5 and removed the smtp entry from passwd. no
problems that i can tell.
_______________________________________________________________________________
From pobrien@cfa.harvard.edu
> That's crazy. The documentation for Sendmail V8 has a section
> on the issue of UID, and it's recommended that it be set to something
> harmless.
> .....................................................................
>
> No disagreement that it is crazy. Any suggestions as to what?
> (the same as nobody?)
Anything unique and non-privileged. In the documentation, they had a number
around 32,000.
_______________________________________________________________________________
So it is either essential or crazy and a number either 0 or around 32,000.
I am not less confused....
Jim Meritt
So what now?
Jim
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:10 CDT