auth smtp and pam.d
Gerry Doris
gerry
Mon May 17 11:38:57 PDT 2004
>
> is this related to the smrsh? I think my sendmail is still running as
> root...
>
> root 5165 0.0 0.6 3820 860 ? S Oct13 0:00 sendmail:
> accepti
>
> I am not following all the instructions in the sxs yet. smrsh is not as
> trivial as it looks for newbies like me.
>
>> authinfo (I'm going from memory here) no longer works. It been
>> replaced by a tag with similar data in the access database. The
>> access directive has new parameters. Also, sendmail can't access the
>> /etc/sasldb file since only root has permission to do that. Changing
>> the permission causes complaints that the file has wrong permissions.
>> You can work around this by including a DontBlameSendmail directive in
>> sendmail.mc.
>>
>
If you're still running sendmail as root then you have an older version of
sendmail. The newer ones have changed this to a non root user for
security reasons. If a hacker is able to cause a buffer overflow on a
root owned process and take over then they're now running as
root...obviously not a good thing!
Redhat 8.0 uses a non root sendmail. Redhat 7.3 didn't. All of this is
documented either on the sendmail.org site or (on a Redhat system) in
/usr/shared/doc/sendmail*/README.cf. The newer sendmails also have made
the other minor changes I mentioned (minor if you know about them -
serious if you don't). For instance, sendmail.cf is now in /etc/mail
instead of /etc.
Gerry
More information about the Linux-users
mailing list