
confGBIN...

The set-group-id settings Build macro

The non-set-user-id root version of sendmail (Section 2.6.2) takes its identity from the set-group-id bit instead of the usual set-user-id root bit. That is, it assumes the specified group identity no matter who runs it.

Three macros tune the group identity and permission for this non-set-user-id root version. They are:

confGBINGRP

This macro sets the group that the non-set-user-id root version of sendmail should belong to. The group defaults to smmsp. If, as illustrated in Section 2.6.2.2, you wish to use a different group, you can do so like this:

define(`confGBINGRP', `nullmail')    dnl use a group name
define(`confGBINGRP', `5343')        dnl use a group number

A positive number that is not too large is accepted whether or not a group with that number exists. A name that is not defined in the /etc/group file, however, might produce the following error, and the build will fail:

chgrp: nullmail: unknown group

confGBINMODE

This macro defines the permission mode that the non-set-user-id root version of sendmail will have. The default is mode 2555, which is set-group-id (the 2), and readable and executable by the owner, group, and world (the 555). One reason to change this default might be to prevent ordinary users from copying the binary, which is done by removing world read permission. You would make such a change like this:

define(`confGBINMODE', `2551')       dnl correct
define(`confGBINMODE', `551')        dnl wrong, don't omit the leading 2

If you mistakenly omit the leading 2, the created non-set-user-id root version of sendmail will lose its set-group-id ability. If you use an invalid permission value, such as 9555, you will see the following error and the build will fail:

chmod: invalid mode

confGBINOWN

This macro defines who will own the non-set-user-id root version of sendmail. The file's owner has no effect on the identity the program runs under: because it is not set-user-id, the running program is owned by whoever runs it. You can set the file's ownership to a different owner, if you prefer, with an m4 Build macro such as this:

define(`confGBINOWN', `nomail')      dnl use a username
define(`confGBINOWN', `7629')        dnl use a user number

A positive number that is not too large is accepted whether or not a user with that number exists. A name that is not defined in the /etc/passwd file (or a related file such as /etc/shadow), however, might produce the following error, and the build will fail:

chown: unknown user id: nomail
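
The failure modes described above (an undefined group or owner name, an invalid mode, and a mode missing the leading 2) can be caught before running Build. The following is an added example, not part of the original text or of sendmail's build system; the function names, return codes, and the constructed sample group file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-build checks for confGBINMODE, confGBINGRP, confGBINOWN.
# Function names and return codes are this example's own, not sendmail's.

# check_gbin_mode MODE
# 0 = usable, 1 = not a valid octal mode (chmod would reject it),
# 2 = set-group-id bit missing, 3 = set-user-id bit also set
check_gbin_mode() {
    case "$1" in
        ''|*[!0-7]*) return 1 ;;            # e.g. 9555
    esac
    [ "${#1}" -le 5 ] || return 1
    _m=$((0$1))                             # leading 0 = octal in sh arithmetic
    [ "$_m" -le $((07777)) ] || return 1
    [ $(($_m & 02000)) -ne 0 ] || return 2  # e.g. 551: leading 2 omitted
    [ $(($_m & 04000)) -eq 0 ] || return 3  # this binary must not be set-user-id
    return 0
}

# check_gbin_name VALUE DBFILE
# VALUE is a confGBINGRP or confGBINOWN setting; DBFILE is a group(5) or
# passwd(5) style file. Numeric ids pass unchecked, as chgrp/chown accept them.
check_gbin_name() {
    case "$1" in
        '') return 1 ;;
        *[!0-9]*) ;;                        # a name: look it up
        *) return 0 ;;                      # a number: taken as given
    esac
    # The name is the first colon-separated field of each record.
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }' "$2"
}

# Demonstration with the values used on this page and a constructed group file.
demo_db=$(mktemp)
printf 'root:x:0:\nsmmsp:x:25:\n' > "$demo_db"   # constructed sample
for m in 2555 2551 551 9555; do
    rc=0; check_gbin_mode "$m" || rc=$?
    echo "confGBINMODE $m -> $rc"
done
for g in smmsp 5343 nullmail; do
    rc=0; check_gbin_name "$g" "$demo_db" || rc=$?
    echo "confGBINGRP $g -> $rc"
done
rm -f "$demo_db"
```

On a real system, pass /etc/group for confGBINGRP and /etc/passwd for confGBINOWN; names served only by a network directory will not appear in those files.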