Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

SERVER ADMINISTRATION

RSS

sendmail Security Options

By: O'Reilly Media	Search For More Articles! Disclaimer Author Terms
Rating: / 1
2008-05-15

Table of Contents:

sendmail Security Options

4.8.2.3 The TrustedUser option (V8.10 and above)

4.8.2.6 The PostmasterCopy option

4.8.3 The /etc/shells File

4.9 Other Security Information

4.10 Pitfalls

SEARCH CODEWALKERS

TOOLS YOU CAN USE

sendmail Security Options - 4.8.3 The /etc/shells File

(Page 4 of 6 )

To prevent certain users from running programs or writing to files by way of the aliases or ~/.forward files, V8 sendmail introduced the concept of a “valid shell.” Just before allowing delivery via an alias so:

To prevent certain users from running programs or writing to files by way of the or files, V8 introduced the concept of a “valid shell.” Just before allowing delivery via an alias so:

|"/some/program"
/save/to/a/file

the user’s password entry is looked up. If the shell entry from that password entry is a valid one, delivery is allowed. A shell is valid if it is listed in the /etc/shells file.* If that file does not exist, sendmail looks up the shell in its internal list, which looks (more or less) like this:†

/bin/bsh
/bin/csh
/bin/ksh
/bin/pam
/bin/posix/sh
/bin/rksh
/bin/rsh
/bin/sh
/bin/tcsh
/usr/bin/bsh
/usr/bin/csh
/usr/bin/keysh
/usr/bin/ksh
/usr/bin/pam
/usr/bin/posix/sh
/usr/bin/rksh
/usr/bin/rsh
/usr/bin/sh
/usr/bin/tcsh

With this technique it is possible to prevent certain users from having sendmail running programs or delivering to files on their behalf. To illustrate, consider the need to prevent the ftp pseudouser from misusing sendmail:

ftp:*:1092:255:File Transfer Protocol Program:/u/ftp:/no/shell

Here, any attempt by ftp to send mail through a program or into a file will fail because the shell /no/shell is not a valid shell. Such mail will bounce with one of these two errors:

User ftp@here.us.edu doesn't have a valid shell for mailing to programs
User ftp@here.us.edu doesn't have a valid shell for mailing to files

Note that unusual circumstances might require you to allow users with invalid shells to run programs or deliver to files. To enable this for all such users (as on a mail server with restricted logins), place the following line directly in the /etc/shells file:

/SENDMAIL/ANY/SHELL/

To enable this for selected users, just replace their shell with a bogus one that is listed in /etc/shells:

ftp:*:1092:255:File Transfer Protocol Program:/u/ftp:/bogus/shell

We recommend that all pseudousers (such as bin and ftp) be given invalid shells in the password file and that /SENDMAIL/ANY/SHELL/ never be used.

Be warned, however, that if a user can get into your machine as ftp, it can be possible for that user to run another shell, such as csh(1). Thus, in addition to listing a bogus shell, you might need to take further steps to prevent such access.

Next: 4.9 Other Security Information >>

More Server Administration Articles
More By O'Reilly Media

blog comments powered by Disqus

SERVER ADMINISTRATION ARTICLES

- Server Responses to Client Communication
- Authentication in Client/Server Communication
- Client/Server Communication
- Understanding Awk in the UNIX Shell
- Stream Editor in the UNIX Shell
- Processes in the UNIX Shell
- Migrating from Windows to Wine
- Wine: Not Another Emulator
- Preventive Measures to Block SSH Attacks
- Monitoring Temperatures with Cacti
- Cacti: RRDTool-based Graphing Solution
- Network Magic 5.0 Review
- Netfilter and Iptables Overview
- Installing and Configuring Squid
- Clickfree PC Backup Systems Compared

Find More Server Administration Articles