Author Topic: sendmail and other stuff  (Read 816 times)

TheQuirk

« on: 22 December 2002, 11:04 »
I was reading a very good guide, http://tldp.org/LDP/solrhe/Securing-Optimizing-Linux-The-Ultimate-Solution-v2.0.pdf, on optimizing Linux and securing it. Now, I was on a page that told me to delete a few users, one of them being "mail." This alarmed me, and I decided not to delete that user (and not delete any other user before checking everything) without checking if sendmail was using user "mail."

# ps auxwww | grep mail
root      1383  0.0  0.2  5416 2428 ?        S    13:49   0:00 sendmail: accepting connections
root      1388  0.0  0.2  5320 2304 ?        S    13:49   0:00 /usr/sbin/sendmail -q15m
root     12512  0.0  0.0  1732  600 pts/2    R    23:08   0:00 grep mail


Turns out it doesn't: it uses root. Now, I don't want that running as root. I don't want a LOT of things running as root. How do I tell programs such as sendmail to run under a different username (e.g., a username that can't destroy my whole setup with one command)?

[ December 22, 2002: Message edited by: TheQuirk ]


voidmain

« Reply #1 on: 22 December 2002, 11:30 »
Well, the thing is, root is required to bind to port 25 (ports 1024 and under). It spawns a child process under another user when a connection is made, so as to reduce the risk. Do a "telnet localhost 25" and then do another "ps auxwww | grep mail". I don't believe you are going to want to delete the user "mail". Things will probably stop working. Where did you find an article that said to remove it?

Oh, Apache does the same thing. You should have one httpd running as root.

[ December 22, 2002: Message edited by: void main ]

Someone please remove this account. Thanks...

TheQuirk

« Reply #2 on: 22 December 2002, 12:01 »
http://tldp.org/LDP/solrhe/Securing-Optimizing-Linux-The-Ultimate-Solution-v2.0.pdf Although now that I re-read it, it says that I should reconsider deleting "mail."

voidmain

« Reply #3 on: 22 December 2002, 13:32 »
Ahhh, I'm not very observant. Yes I found the spot you were referring to in that document (whew, what a document it is!). The "mail" user is associated with the "mailx" package and you probably don't want to remove that. I believe the "mail" command is quite useful to send logs/etc from the command line and from scripts. "mail" is part of the "mailx" package.

Also, it mentions using "userdel" to remove the user in question. And if you use the "-r" parameter it will remove its home directory. Be *very* careful using that parameter on the special accounts or it may remove more than you want to remove. Check out what the user's home directory is set to in /etc/passwd before using that.

But it looks like a very good document. I wonder if you can buy it in book form considering it's 855 pages long?

[ December 22, 2002: Message edited by: void main ]

Someone please remove this account. Thanks...
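
Added example, not part of the original posts: a small shell check for the advice above to look at an account's home directory in /etc/passwd before running "userdel -r". The function names, the sample passwd entries (constructed) and the rule that only directories under /home count as private are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not copied from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
olduser:x:1001:1001::/home/olduser:/bin/bash'

# home_of USER [FILE]: print field 6 (home directory); fail if USER is absent.
home_of() {
    user=$1 file=${2:-/etc/passwd}
    awk -F: -v u="$user" '$1 == u { print $6; found = 1 }
                          END { exit !found }' "$file"
}

# userdel_r_verdict USER [FILE]: print one of
#   missing - no such account in FILE
#   shared  - another account lists the same home directory
#   system  - home is outside /home (assumed rule); inspect it by hand first
#   ok      - private directory under /home
userdel_r_verdict() {
    user=$1 file=${2:-/etc/passwd}
    home=$(home_of "$user" "$file") || { echo missing; return 0; }
    sharers=$(awk -F: -v u="$user" -v h="$home" \
        '$1 != u && $6 == h { n++ } END { print n + 0 }' "$file")
    if [ "$sharers" -gt 0 ]; then
        echo shared
    else
        case $home in
            /home/?*) echo ok ;;
            *)        echo system ;;
        esac
    fi
}

# Demo on the constructed sample; point the functions at /etc/passwd for real use.
tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
for u in mail ftp operator olduser ghost; do
    printf '%-9s home=%-16s verdict=%s\n' "$u" \
        "$(home_of "$u" "$tmp" || echo -)" "$(userdel_r_verdict "$u" "$tmp")"
done
```

Anything other than "ok" means the directory should be inspected before "-r" is used, or the account removed with plain "userdel" instead.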

TheQuirk

« Reply #4 on: 22 December 2002, 23:03 »
quote:
Originally posted by void main:
Ahhh, I'm not very observant. Yes I found the spot you were referring to in that document (whew, what a document it is!). The "mail" user is associated with the "mailx" package and you probably don't want to remove that. I believe the "mail" command is quite useful to send logs/etc from the command line and from scripts. "mail" is part of the "mailx" package.

Also, it mentions using "userdel" to remove the user in question. And if you use the "-r" parameter it will remove its home directory. Be *very* careful using that parameter on the special accounts or it may remove more than you want to remove. Check out what the user's home directory is set to in /etc/passwd before using that.

But it looks like a very good document. I wonder if you can buy it in book form considering it's 855 pages long?

[ December 22, 2002: Message edited by: void main ]



I was thinking of printing it myself, hehe. I know a guy that owns a printing shop, so I might be able to print it out there for a small fee.

Anyway, I found it on a site that helped me optimize Apache + PHP and Linux in general... Anyone want the URL?

TheQuirk

« Reply #5 on: 24 December 2002, 10:54 »
I went ahead with the book and then went back to that page a few days ago... What about the user "ftp"?

Also, I read the first page (didn't the first time), and saw this (thought you might be interested):

 
quote:
Copyright

voidmain

« Reply #6 on: 24 December 2002, 12:00 »
quote:
Originally posted by TheQuirk:
I went ahead with the book and then went back to that page a few days ago. . . What about the user "ftp"?



The "ftp" user is only needed if you are running an anonymous FTP server. If you were running Red Hat it would be associated with the "anonftp" package.
Someone please remove this account. Thanks...

TheQuirk

« Reply #7 on: 24 December 2002, 12:31 »
quote:
Originally posted by void main:


The "ftp" user is only needed if you are running an anonymous FTP server. If you were running Red Hat it would be associated with the "anonftp" package.



Damn, you saved me twice! Thanks! What do you want in return?   :D

voidmain

« Reply #8 on: 24 December 2002, 13:07 »
Your women.
Someone please remove this account. Thanks...

Calum

« Reply #9 on: 24 December 2002, 14:02 »
why is that document telling people to delete these things then if it's going to screw up their system? that's what i don't understand!