When sendmail
is running with root privilege and when the F=S delivery agent flag is specified for a
delivery agent, sendmail always invokes that delivery agent as the effective user and effective
group specified by the U= delivery agent equate.?? If the U= delivery agent equate is
unspecified or is specified as zero, it runs as the effective user root. In bothinstances, the
real user and real group IDs remain those of the recipient.
If the F=S flag is omitted from the delivery agent, the following scenarios occur:
??? If delivery is to a file, and if the set-user-id bit is set in the file??™s permission bits, and if
the execute-bit is not set, sendmail sets its user and group identities to those of the
owner and group of the file.
??? Otherwise, if the set-user-id bit is not set, or if delivery is not to a file, and if there is a
controlling user (?§11.12.3 on page 447) for the address, sendmail sets its identity to
that of the controlling user for delivery.
??? Otherwise, if the user or group part of the U= delivery agent equate was missing or was
0, sendmail assumes the identity of the DefaultUser option (?§24.9.32 on page 1000).
??? Otherwise, sendmail assumes the identity of the U= delivery agent equate.
If it fails to set its identity, it prints and logs the following error:
insufficient privileges to change gid, RealGid=rgid, RunAsUid=ruid, gid=gid, egid=egid
Note that this F=S flag was revised once for V8.
Pages:
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372