[rsbac] sendmail under running non-root

Amon Ott rsbac@rsbac.org
Thu Sep 12 09:31:01 2002


On Wednesday, 11. September 2002 11:17, Josh Beagley wrote:
> I saw in Amon's presentation slides that it is possible to run sendmail
> under a normal user account, how would you go about doing this?

You would use the CAP module and grant this user or the sendmail program the 
necessary Linux capabilities. Start with DAC_OVERRIDE and NET_BIND_SERVICE.

I am not sure whether sendmail checks its uid to be 0 and stupidly fails if
not 0.

If it does not work this way, you can instead limit the capabilities of the 
sendmail program to these two and run as root.

Amon.
--
http://www.rsbac.org
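
Added example, not part of the original message and not RSBAC code: a check that a running sendmail process ends up with exactly the two capabilities named in the reply, read from the `CapEff` line of `/proc/<pid>/status`. It assumes the capability set that results from the CAP module settings shows up in that standard field; the function names and the sample status text (including uid 25) are constructed for illustration.

```python
import re

# Bit numbers from linux/capability.h; index in the list == bit number.
CAP_NAMES = ("CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID "
             "SETUID SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST "
             "NET_ADMIN NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO "
             "SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE "
             "SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE "
             "AUDIT_CONTROL SETFCAP").split()

WANTED = {"DAC_OVERRIDE", "NET_BIND_SERVICE"}  # the two named in the reply


def decode(mask):
    """Turn a capability bitmask into a set of names (bitN if unnamed)."""
    return {CAP_NAMES[b] if b < len(CAP_NAMES) else "bit%d" % b
            for b in range(mask.bit_length()) if mask >> b & 1}


def audit(status_text, wanted=WANTED):
    """Compare the effective set in a /proc/<pid>/status dump with `wanted`."""
    # Uid line is: real, effective, saved, filesystem; take the effective uid.
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", status_text, re.M)
    eff = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", status_text, re.M)
    if not uid or not eff:
        raise ValueError("no Uid/CapEff line; not a /proc status dump")
    have = decode(int(eff.group(1), 16))
    return {"euid": int(uid.group(1)),
            "missing": sorted(wanted - have),   # sendmail would fail to bind/write
            "extra": sorted(have - wanted)}     # more privilege than intended


# Constructed samples, not captured from a real system.
LIMITED = "Name:\tsendmail\nUid:\t25\t25\t25\t25\nCapEff:\t0000000000000402\n"
FULL_ROOT = "Name:\tsendmail\nUid:\t0\t0\t0\t0\nCapEff:\t00000000fffffeff\n"

if __name__ == "__main__":
    import sys
    for pid in sys.argv[1:]:  # usage: python capcheck.py <pid> [<pid> ...]
        with open("/proc/%s/status" % pid) as fh:
            print(pid, audit(fh.read()))
```

An empty `extra` list with euid 0 corresponds to the fallback in the reply (root, limited to the two capabilities); an empty `extra` list with a non-zero euid corresponds to the first variant.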