1

I have a program that gets called when an incoming email arrives on a Solaris 10 machine by using /etc/aliases. So far the only way to get sendmail to execute this program is to set the setuid bit to root. Even with read/execute set on the other group, sendmail still can't execute my program without setuid bit set to root.

I've found that sendmail runs as the daemon user on Solaris 10.

I'd like to avoid using setuid root on my executable and have sendmail execute my program. Is there something I'm missing in properly setting up the permissions?

Signal15
Tyke
  • I have never used Solaris before, but I think `sudo` is something that can be handy for your problem `unprivileged_user ALL=(root) NOPASSWD: privileged_command` – Daywalker Aug 26 '13 at 10:38
  • Solaris by default doesn't have sudo, this has to be a near stock Solaris install. – Tyke Aug 26 '13 at 10:43

1 Answer

0

Is the binary setuid root or setuid "daemon"?

Try changing the owner of the binary to "daemon". That might work, based on the documentation (emphasis added):

When setuid (set-user identification) permission is set on an executable file, a process that runs this file is granted access based on the owner of the file (usually root), rather than the user who created the process. This permission enables a user to access files and directories that are normally available only to the owner.

@Daywalker As mentioned, "sudo" does not come with Solaris 10. However there is "pfexec" (quick how-to at c0t0d0.org)

Signal15
  • The binary I have has setuid root. I could try setting it to setuid daemon but I still have the same problem as root. If the binary is executing with daemon permissions then I don't know what the full implication is on a system when you make a binary owned by daemon. I'd rather have the binary execute with a predefined user that I have. – Tyke Aug 28 '13 at 00:03
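An added example, not part of the original thread: a POSIX shell audit that lists each program an aliases file pipes mail to and reports the file owner's UID, whether the setuid bit is set, and whether "other" may execute it, which are the three facts the question and answer turn on. The handler name, its `--queue` argument and the temporary paths are constructed for the demo; the parser assumes one piped program per alias line and paths without spaces.

```shell
#!/bin/sh
# Added example: inspects mode bits only, nothing is executed.

# Print the program path of each `name: "|/path args"` entry in aliases file $1.
alias_programs() {
    sed -n 's/^[^#:]*:[[:space:]]*"\{0,1\}|[[:space:]]*\([^"[:space:]]*\).*/\1/p' "$1"
}

# Print "owner_uid=N setuid=yes|no other_exec=yes|no" for regular file $1.
# With setuid=yes the process runs with the owner's UID, otherwise the caller's.
exec_identity() {
    [ -f "$1" ] || return 1
    line=$(ls -ln "$1") || return 1
    mode=${line%% *}                 # e.g. -rwsr-xr-x
    set -- $line                     # fields: mode links uid gid ...
    case $mode in ???[sS]*) suid=yes ;; *) suid=no ;; esac
    case $mode in ?????????[xt]*) oexec=yes ;; *) oexec=no ;; esac
    echo "owner_uid=$3 setuid=$suid other_exec=$oexec"
}

# Report on every piped program named in aliases file $1.
audit_aliases() {
    alias_programs "$1" | while read -r prog; do
        echo "$prog: $(exec_identity "$prog" || echo missing)"
    done
}

# Constructed sample: a throwaway aliases file and handler, not real system paths.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\ncat >/dev/null\n' > "$d/handler"
    chmod 4755 "$d/handler"          # setuid set, as in the question
    printf '# constructed sample\nintake: "|%s --queue"\npostmaster: root\n' \
        "$d/handler" > "$d/aliases"
    audit_aliases "$d/aliases"
    rm -rf "$d"
}
demo
```

Calling `audit_aliases /etc/aliases` on a real host gives the same report for the configured handlers.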