Handling sendmail Permissions - 4.5.4 Recommended Permissions (Page 4 of 4)

Table 4-1 shows the recommended ownerships and permissions for all the files and directories in the sendmail system. The path components will vary depending on the vendor version of sendmail you are running. For example, where we show the /usr/sbin/sendmail directory, your site might use /usr/lib/sendmail, or even /usr/lib/mail/sendmail.

In Table 4-1, we show the owner as root, or as a T (which means the owner can be the user listed with the TrustedUser option; §24.9.122 on page 1112), or as an R (which means the owner must be the one specified by the RunAsUser option; §24.9.102 on page 1083) if that option was specified. Under the “Owner” column, we show a colon and the group when the group is important.

Table 4-1. Recommended permissions for V8.12 and above

| Path | Type | Owner | Mode |
|---|---|---|---|
| / | Directory | root | 0755 drwxr-xr-x |
| /usr | Directory | root | 0755 drwxr-xr-x |
| /usr/sbin | Directory | root | 0755 drwxr-xr-x |
| /usr/sbin/sendmail | File | root:smmsp | 02555 -r-xr-sr-x |
| /etc | Directory | root | 0755 drwxr-xr-x |
| /etc/mail | Directory | root,T | 0755 drwxr-xr-x |
| /etc/mail/sendmail.cf | File | root,T | 0644 or 0640 |
| /etc/mail/statistics | File | root,T,R | 0600 -rw------- |
| /etc/mail/helpfile | File | root,T | 0444 -r--r--r-- |
| /etc/mail/aliases | File | root,T | 0644 -rw-r--r-- |
| /etc/mail/aliases.pag | File | root,T,R | 0640 -rw-r----- |
| /etc/mail/aliases.dir | File | root,T,R | 0640 -rw-r----- |
| /etc/mail/aliases.db | File | root,T,R | 0640 -rw-r----- |
| F/path | Directory | root,T | 0755 drwxr-xr-x |
| /path/file | File | T | 0444 or 0644 |
| /var | Directory | root | 0755 drwxr-xr-x |
| /var/spool | Directory | root | 0755 drwxr-xr-x |
| /var/spool/mqueue | Directory | root,R | 0700 drwx------ |
| /var/spool/clientmqueue | Directory | smmsp:smmsp | 0770 drwxrwx--- |
| :include:/path | Directories | root | 0755 drwxr-xr-x |
| :include:/path/list | File | n/a | 0644 -rw-r--r-- |
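
An added example (not from the book or from sendmail itself): a Python script that audits the concrete paths in Table 4-1 for owner and mode. The `audit` function, its `uids` map and its `prefix` parameter are names made up for this example; it assumes an exact mode match is wanted, and it does not check group ownership or the `F/path`, `/path/file` and `:include:` rows.

```python
import os, stat

# Rows of Table 4-1 that name a concrete path: (path, kind, owners, modes).
# "T" = TrustedUser, "R" = RunAsUser. Adjust paths for your vendor's layout.
TABLE = [
    ("/", "d", "root", [0o755]),
    ("/usr", "d", "root", [0o755]),
    ("/usr/sbin", "d", "root", [0o755]),
    ("/usr/sbin/sendmail", "f", "root", [0o2555]),
    ("/etc", "d", "root", [0o755]),
    ("/etc/mail", "d", "root,T", [0o755]),
    ("/etc/mail/sendmail.cf", "f", "root,T", [0o644, 0o640]),
    ("/etc/mail/statistics", "f", "root,T,R", [0o600]),
    ("/etc/mail/helpfile", "f", "root,T", [0o444]),
    ("/etc/mail/aliases", "f", "root,T", [0o644]),
    ("/etc/mail/aliases.pag", "f", "root,T,R", [0o640]),
    ("/etc/mail/aliases.dir", "f", "root,T,R", [0o640]),
    ("/etc/mail/aliases.db", "f", "root,T,R", [0o640]),
    ("/var", "d", "root", [0o755]),
    ("/var/spool", "d", "root", [0o755]),
    ("/var/spool/mqueue", "d", "root,R", [0o700]),
    ("/var/spool/clientmqueue", "d", "smmsp", [0o770]),
]

def audit(uids, prefix="", table=TABLE):
    """Return (path, problem) pairs; uids maps root/T/R/smmsp to numeric uids."""
    findings = []
    for path, kind, owners, modes in table:
        try:
            st = os.lstat(prefix + path)  # lstat: a symlink must not pass as the file
        except FileNotFoundError:
            continue                      # layouts vary by vendor; absent is not a finding
        is_kind = stat.S_ISDIR if kind == "d" else stat.S_ISREG
        if not is_kind(st.st_mode):
            findings.append((path, "wrong file type"))
            continue
        # Roles absent from uids (option not set) are ignored; none known = no owner check.
        allowed = {uids[o] for o in owners.split(",") if o in uids}
        if allowed and st.st_uid not in allowed:
            findings.append((path, f"owner uid {st.st_uid} not in {owners}"))
        mode = stat.S_IMODE(st.st_mode)   # permission bits plus set-uid/set-gid/sticky
        if mode not in modes:
            want = " or ".join(f"{m:04o}" for m in modes)
            findings.append((path, f"mode {mode:04o}, expected {want}"))
    return findings

if __name__ == "__main__":
    for path, problem in audit({"root": 0}):
        print(f"{path}: {problem}")
```

To cover the T, R and smmsp owners, add their numeric uids to the map passed to `audit`, for example the uids of the accounts named by your TrustedUser and RunAsUser options.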
This article is excerpted from chapter four of sendmail, fourth edition, written by Bryan Costales, Claus Assmann, George Jansen and Gregory Shapiro (O'Reilly, 2007; ISBN: 0596510292).