File Modes

Certain files can have protection modes that control access. This section describes the modes that you can control from the sendmail.cf file. The modes you use depend on what functionality you want and the level of security you require.

setuid

By default, the sendmail program is executed with the user ID set to 0 (setuid to root) so that it can deliver to programs that might write in a user's home directory. When sendmail is ready to execute a mailer program, sendmail checks to see if the user ID is 0; if so, it resets the user ID and group ID to the values set by the u and g options in the configuration file. The user ID and group ID are both set to 1 (daemon). You can override these values by setting the S flag to the mailer (for mailers that are trusted, and must be called as root). However, mail processing is accounted to root rather than to the user sending the mail.

Temporary File Modes

The OF option sets the mode of all the temporary files that sendmail uses. The default value, 0600, is appropriate for secure mail, and 0644 is more permissive. If you use the more permissive mode, it is not necessary to run sendmail as root at all (even when running the queue). Users will be able to read mail in the queue.

Should My Alias Database Be Writable?

One approach is to provide the alias database (/etc/mail/aliases) with mode 666. If you use this approach, users can modify any list. However, you might want to limit the aliases that a user can change by putting them into a file that the user can edit and referencing this file from /etc/mail/aliases. Such references have the following format:

alias-name::include:/filename