Name
-d44.4
Synopsis
The V8 sendmail program tries to be extra careful about file permissions, and the key to checking them is the internal safefile( ) function. The -d44.4 debugging switch[4] prints the parameters passed to the safefile( ) function:
safefile(fname, uid=user-id, gid=group-id, flags=sff_flags, mode=wantmode)
Here, the file named fname is being checked to determine whether the user identified by the user-id, with the group group-id, is allowed to find or use the file. The range of checking is determined by the hexadecimal sff_flags, described in Table 16-12. Where a file’s permissions are required, the mode printed in wantmode will be used.
| Mnemonic | Hex flag | Description |
|---|---|---|
| SFF_ANYFILE | 0x00000000 | No special restrictions |
| SFF_MUSTOWN | 0x00000001 | User must own this file |
| SFF_NOSLINK | 0x00000002 | File cannot be a symbolic link |
| SFF_ROOTOK | 0x00000004 | OK for root to own this file |
| SFF_RUNASREALUID | 0x00000008 | If no controlling user, run as real user-id |
| SFF_NOPATHCHECK | 0x00000010 | Don’t bother checking directory path |
| SFF_SETUIDOK | 0x00000020 | Set-user-id files are OK |
| SFF_CREAT | 0x00000040 | OK to create file if necessary |
| SFF_REGONLY | 0x00000080 | Regular files only |
| SFF_SAFEDIRPATH | 0x00000100 | No writable directories (also check owner) |
| SFF_NOHLINK | 0x00000200 | File cannot have hard links |
| SFF_NOWLINK | 0x00000400 | Links only in nonwritable directories |
| SFF_NOGWFILES | 0x00000800 | Disallow group-writable files |
SFF_NOWWFILES |
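As an added example (not from the book and not sendmail's own code), the following Python sketch parses a -d44.4 line in the format shown above and expands the hexadecimal sff_flags into the mnemonics from the table. The sample lines are constructed, the RELAXING grouping is an assumption based on the table's descriptions, and any bit the table gives no value for is reported as unknown.

```python
import re

# Bit values exactly as listed in the table on this page; bits with no value
# listed there are reported as unknown rather than guessed.
SFF_FLAGS = {
    0x001: "SFF_MUSTOWN", 0x002: "SFF_NOSLINK", 0x004: "SFF_ROOTOK",
    0x008: "SFF_RUNASREALUID", 0x010: "SFF_NOPATHCHECK", 0x020: "SFF_SETUIDOK",
    0x040: "SFF_CREAT", 0x080: "SFF_REGONLY", 0x100: "SFF_SAFEDIRPATH",
    0x200: "SFF_NOHLINK", 0x400: "SFF_NOWLINK", 0x800: "SFF_NOGWFILES",
}
# Assumption of this example: flags whose description loosens a check.
RELAXING = {"SFF_ROOTOK", "SFF_NOPATHCHECK", "SFF_SETUIDOK", "SFF_CREAT"}

LINE_RE = re.compile(
    r"safefile\((?P<fname>.*), uid=(?P<uid>-?\d+), gid=(?P<gid>-?\d+), "
    r"flags=(?P<flags>(?:0x)?[0-9a-fA-F]+), mode=(?P<mode>\w+)\)"
)

def decode_flags(value):
    """Return (mnemonics, leftover bits that the table does not cover)."""
    names = [name for bit, name in sorted(SFF_FLAGS.items()) if value & bit]
    unknown = value & ~sum(SFF_FLAGS)   # keys are distinct bits, so sum == mask
    return (names or ["SFF_ANYFILE"]) if not unknown else names, unknown

def parse_safefile(line):
    """Parse one -d44.4 line; return None if it is not a safefile() trace."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    names, unknown = decode_flags(int(m["flags"], 16))
    return {
        "fname": m["fname"], "uid": int(m["uid"]), "gid": int(m["gid"]),
        "mode": m["mode"],                       # kept verbatim as printed
        "flags": names, "unknown_bits": unknown,
        "relaxing": [n for n in names if n in RELAXING],
    }

# Constructed sample lines, not captured from a real sendmail run.
SAMPLE = [
    "safefile(/etc/mail/aliases.db, uid=0, gid=0, flags=1a2, mode=600)",
    "safefile(/home/bob/.forward, uid=1001, gid=100, flags=1001, mode=400)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        r = parse_safefile(line)
        extra = f" unknown=0x{r['unknown_bits']:x}" if r["unknown_bits"] else ""
        print(r["fname"], "|".join(r["flags"]), "relaxed:", r["relaxing"], extra)
```
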