There are three major ways in which
sendmail can be run:
as a set-user-id root
process (that is, with the permissions of root
regardless of who runs it), as a root process
because it was run by root, or as an ordinary
process run by an ordinary (nonprivileged) user. When
sendmail is running with
root privilege and when the
F=S delivery agent flag is specified for a
delivery agent, sendmail
always invokes that delivery agent as the
effective user and effective group specified by the
U= delivery agent equate. If the
U= delivery agent equate is unspecified or is
specified as zero, it runs as the effective user
root. In both instances, the real user and real
group IDs remain those of the recipient.
If the F=S flag is omitted from the delivery
agent, the following scenarios occur:
If delivery is to a file, and if the set-user-id
bit is set in the file's permission bits, and if the
execute-bit is not set,
sendmail sets its user and group identities to
those of the owner and group of the file.
Otherwise, if the set-user-id bit is not set, or
if deliver is not to a file, and if there is a controlling user
(C line) for the address,
sendmail sets its identity to that of the
controlling user for delivery.
Otherwise, if the user or group part of the U=
delivery agent equate was missing or 0, sendmail
assumes the identity of the DefaultUser option
Otherwise, sendmail assumes the identity of the
U= delivery agent equate.
If it fails to set its identity, it prints and logs the following
insufficient privileges to change gid, RealGid=rgid, RunAsUid=ruid, gid=gid, egid=egid
Note that this F=S flag was revised once for V8.7.
Then it was revised again for V8.9, and has remained stable since.