Allow root delivery to files debug with confENVDEF

When delivering to files, sendmail runs as the controlling user unless the suid or sgid bits of the file are set. If they are set, sendmail runs as the owner of the file. A question arises when such files are root-owned. Ordinarily, writing to suid and sgid root-owned files as root is disallowed.

If, for some reason, your site needs to allow delivery to suid and sgid root-owned files with sendmail running as root, you can enable this behavior by adding a line such as the following to your Build m4 file:


But be aware that you might open serious security holes on your system if you do this. We recommend that SUID_ROOT_FILES_OK never be defined, except as a temporary debugging technique.

If you define this compile-time macro, you will need to rebuild both libsm and sendmail for it to have an effect.

If you are running a precompiled sendmail binary, you can use the -d0.1 debugging command-line switch (-d0.1) to determine if SUID_ROOT_FILES_OK support is included (if it appears in the list, support is included).

