[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] sendmail and inet running as root?

Subject: Re: [cobalt-users] sendmail and inet running as root?
From: flash22@xxxxxxx
Date: Mon Feb 26 14:36:19 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Mon, 26 Feb 2001, Kevin D wrote:

> Should sendmail be running as root? How about inet? It seems that these
> should be running as something other than root, to make the system more
> secure, or is there a special reason for these two to be running as root?

sendmail runs as root because when you get mail it has to have it's
ownership changed to you when it's put in your mailbox and only root can
easily sdo this, tho in theory it's possible to do it without all of
sendmail being root, and there are other mailers that try to do this ...

(I've seen setups to run sendmail as non-root, but they usually involve
having parts of it suid, i'm not really convinced this is the least bit
safer , you have to set the mail spool to a sticky mode....and procmail
breaks badly)

inetd has no choice but to run as root so it can access privlaged ports
from 0-1023 , generally minor as inetd is fairly simple and it's a heck of
a lot easier to verify it's code than to verify something like sendmail..

gsh

References:
- [cobalt-users] sendmail and inet running as root?
  - From: Kevin D

Prev by Date: [cobalt-users] Disk quota exceeded messages
Next by Date: [cobalt-users] Creating IP only web sites on a RaQ4
Previous by thread: [cobalt-users] sendmail and inet running as root?
Next by thread: Re: [cobalt-users] Recent Hacks

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index