HPE Community
Operating System - HP-UX
1846902 Members
4173 Online
110256 Solutions
New Discussion

Re: sendmail / perms

 
Nobody's Hero
Valued Contributor

‎11-08-2007 10:35 PM

‎11-08-2007 10:35 PM

sendmail / perms

I have a user that needs to start / stop / configure sendmail and sendmail.cf.

Is there a way I can allow this to a non root user?
UNIX IS GOOD
0 Kudos
Reply
5 REPLIES 5
Nobody's Hero
Valued Contributor

‎11-08-2007 10:39 PM

‎11-08-2007 10:39 PM

Re: sendmail / perms

I also run in an LDAP environment, but I am a novice at LDAP. Maybe someway to do allow it there?
UNIX IS GOOD
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎11-08-2007 10:40 PM

‎11-08-2007 10:40 PM

Re: sendmail / perms

Hi,

What about configuring sudo for this user?

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/

Regards,
Robert-Jan
0 Kudos
Reply
Nobody's Hero
Valued Contributor

‎11-08-2007 10:47 PM

‎11-08-2007 10:47 PM

Re: sendmail / perms

I like that idea, but the Government won't allow it it my division.
UNIX IS GOOD
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎11-08-2007 10:56 PM

‎11-08-2007 10:56 PM

Re: sendmail / perms

Does not like open source or does not like packages from non supported suppliers?

Sudo is part of the HP Internet Express and can be downloaded from the official HP software website.

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111

Robert-Jan
0 Kudos
Reply
Tim Nelson
Honored Contributor

‎11-09-2007 03:33 AM

‎11-09-2007 03:33 AM

Re: sendmail / perms

A couple thoughts.

1) edit of the sendmail.cf can be controlled with group file permissions. I do not believe that an edit of this file requires a stop and start of the sendmail daemon. Outgoing mail always starts up a new process and re-reads the files.

2) If the configuration changes are for incoming mail then another option is to run sendmail through inetd, that way every new incoming connection will spawn a new sendmail and re-read the config.

The other left-over issue might be if the mail queue needs watching.

3) One last option and maybe the best is to use restricted sam. Create a script that either would allow the stop/start of sendmail and even vi of the sendmail.cf. Set up the custom sam entry and run this script as root. Then configure this user to enable use of this menu option.

#3 is the best, supported by HP, secure, restricted, and controllable. (just make sure your script is secure).


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.