1 Topic by ralessi

  • ralessi
  • Guest

Topic: postfix sendmail and FHS permissions

I noticed that `postfix` was updated recently, with new permissions for `sendmail`:

$ ls -l /usr/sbin/sendmail 
-rwxr-xr-x 1 root root 26600 20 sept. 22:07 /usr/sbin/sendmail

But given FHS restrictions on `/usr/sbin`:

$ ls -dl /usr/sbin
drwxr-x--- 2 root adm 12288 20 sept. 23:30 /usr/sbin

`/usr/sbin/sendmail`, as every other command inside this directory, remains unaccessible to users who are not part of  the `adm` group.

Is this intended? And is it safe or recommended to add users to the `adm` group when this was not necessary before? (I believe it is safe, but I just want to be sure.)

2 Reply by emulatorman

  • emulatorman
  • Hyper Expert
  • Offline
  • Registered: 2017-09-09
  • Posts: 186

Re: postfix sendmail and FHS permissions

ralessi wrote:

Is this intended? And is it safe or recommended to add users to the `adm` group when this was not necessary before? (I believe it is safe, but I just want to be sure.)

It is intended because the utilities used for system administration (and other root-only commands) are stored in /sbin, /usr/sbin, and /usr/local/sbin and it requires limited access only for users who are focused for those tasks. See here for further details.

3 Reply by ralessi

  • ralessi
  • Guest

Re: postfix sendmail and FHS permissions

Emulatorman wrote:

It is intended because the utilities used for system administration (and other root-only commands) are stored in /sbin, /usr/sbin, and /usr/local/sbin and it requires limited access only for users who are focused for those tasks. See here for further details.

Thank you for pointing me to this documentation.  Everything is now very clear to me!