The default is mode 2555, which is set-group-id (the 2), and readable
and executable by the owner, group, and world (the 555). One reason to change this
default might be to prevent ordinary users from copying the binary. You would make
such a change like this:
define(`confGBINMODE??, `2551??) ?†? correct
define(`confGBINMODE??, `551??) ?†? wrong, don??™t omit the leading 2
If you mistakenly omit the leading 2, the created non-set-user-id root version of sendmail
will lose its ability to execute a set-group-id. If you use an illegal permission value,
such as 9555, you will see the following error and the build will fail:
chmod: invalid mode
confGBINOWN
This macro defines who will own the non-set-user-id root version of sendmail. Th e
owner has no effect on who will own the program when it is run. It will be owned by
whoever runs it. You can set its ownership to a different owner, if you prefer, with an
m4 Build macro such as this:
define(`confGBINOWN??, `nomail??) ?†? use a username
define(`confGBINOWN??, `7629??) ?†? use a user number
If you use a positive number that is not too large, it will be accepted no matter what.
If you use a name that is not defined in the /etc/passwd file (or in a related file suchas
/etc/shadow), you might see the following error and the build will fail:
chown: unknown user id: nomail
2.7.
Pages:
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162