confGBIN...
The set-group-id settings Build macro
The non-set-user-id root version of sendmail (Install sendmail on page 60) uses a set-group-id means of identity instead of the normal set-user-id root means. That is, it assumes the group identity specified, no matter who runs it.
Three macros tune the group identity and permission for this non-set-user-id root version. They are:
confGBINGRPThis macro sets the group that the non-set-user-id root version of sendmail should belong to. The group defaults to
smmsp. If, as illustrated in Add smmsp to /etc/group on page 63, you wish to use a different group, you can do so like this:define(`confGBINGRP', `nullmail') ← use a group name define(`confGBINGRP', `5343') ← use a group number
If you use a positive number that is not too large, it will be accepted no matter what. If you use a name that is not defined in the /etc/group file, you might see the following error and the build will fail:
chgrp: nullmail: unknown group
confGBINMODEThis macro defines the execution mode that the non-set-user-id root version of sendmail will have. The default is mode 2555, which is set-group-id (the 2), and readable and executable by the owner, group, and world (the 555). One reason to change this default might be to prevent ordinary users from copying the binary. You would make such a change like this:
define(`confGBINMODE', `2551') ← correct define(`confGBINMODE', `551') ← wrong, don't omit the leading 2
If you mistakenly omit the leading 2, the created non-
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
