SUMMARY: smtp has UID 0 ?!?!?!

From: john.hilger@ac.com
Date: Wed Apr 07 1999 - 17:06:02 CDT


First,

   Thank you to the 4 who replied:

     Charlie Mengler
     Kevin Sheehan
     Casper Dik (Response #2)
     Arthur Darren Dunham (Response #1)

The following 2 messages summarize my findings ...

===========================================================================
===============
>
> Sun Managers,
>
> Recently I discovered that the "smtp" user in Solaris 2.6 has a UID of
> 0, even after applying all recommended security patches. I checked the
> archives thinking this must be a common question - could not find one. I
> know sendmail is a root owned setuid program which would indicate that
smtp
> could have a UID separate from 0. Surely Solaris and/or sendmail does not
> need to have a pseudo root user "smtp" to work properly, or does it ????

Yes.

Only a root process can bind to port 25 for incoming mail.
Only a root process can change to other users for placing mail into
their inbox.

Once incoming mail is determined to be for a particular user, sendmail
will attempt to change to that user for further delivery. The main
sendmail process normally just sits around as UID 0 though.

===========================================================================
==============

I don't think it does any harm, as it's a disabled account.

You can safely remove it, though, as Sun did in Solaris 7

(I grepped the source and couldn't find a single use of "smtp")

===========================================================================
==============

Thanks again,

John Hilger

                                  n n n n



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:17 CDT