Beginning with V8.10, sendmail has two different
types of trusted users. There are the traditional trusted users
defined by the T configuration command (and the
class $=t), who can set the sender address using
the -f command-line switch (-f) without generating warnings, and run
A separate TrustedUser option sets the identity of
the user who can administer sendmail. If it is
set, this user will own database-map files (such as
aliases) and the control socket (ControlSocketName).
The TrustedUser option is set like this:
O TrustedUser=user configuration file (V8.10 and later)
-OTrustedUser=user command line (V8.10 and later)
define(`confTRUSTED_USER',`user') mc configuration (V8.10 and later)
The user is either a user login name (in
which case it will be looked up with the appropriate
passwd technique), or an integer (in which case
it will be used as is as the uid for this user).
If the user is an unknown or is omitted, an
error will result:
readcf: option TrustedUser: unknown user bad name
There is no default for this option, and the mc
configuration technique leaves it undefined by default. See Section 10.8.2.3 for a more complete discussion of this option.
The TrustedUser option is not safe. If it is
specified from the command line, it can cause
sendmail to relinquish its special privileges.