sendmail/setuid

Brian Inglis Brian.Inglis@SystematicSw.ab.ca
Sun Dec 27 17:34:13 GMT 2020


On 2020-12-27 07:53, Tomas By wrote:
> On Thu, 24 Dec 2020 20:12:17 +0100, Brian Inglis wrote:
>> On 2020-12-24 04:17, Tomas By wrote:
>>> I'm using the Cygwin Sendmail (8.14), and am getting this in the log
>>> file of a program that is supposed to send an email.
>>>
>>> | 451 4.0.0 drop_privileges: setuid(18) failed: Operation not permitted
>>> | RSET
>>> | 250 2.0.0 Reset state
>>>
>>> Does this come from Cygwin? It would be odd if it is from the program.
>>>
>>> There is no user 18. The Windows user IDs (I think) are 500, 501,
>>> 1000, 1002, 1003.
>>
>> $ getent passwd 18
>> SYSTEM:*:18:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/home/SYSTEM:/bin/bash

>>> What is the simplest solution?
>>>
>>> I had it working before I reinstalled, but I tried many things, most
>>> of which I do not want to repeat.

>> Process or program may need to be run elevated with admin privileges,
>> or configured to not require them if that is even possible.
>> The easiest way to do that I have found is to create a Windows task to
>> run elevated (with highest privileges) under user SYSTEM and run a
>> shell invoking a shell script.
>> The task may then start up Cygwin services to run elevated under user
>> SYSTEM or however each is configured.

> Ok, thanks. I have now got to the point where it works if I start it
> from a "run as administrator" command shell.
>
> I start Sendmail by "sendmail start" in /etc/rc.d/init.d/.
>
> What is the easiest way to automate this without interaction? Ideally
> from a normal account (which is also an "administrator" if that matters).
>
> I want to have a .bat file in the Startup folder that starts Sendmail.

The easiest way to do that I have found is to create a Windows task to run 
elevated (with highest privileges) under user SYSTEM and run a shell invoking a 
shell script.

The task is normally run at system startup, and the shell script uses cygrunsrv 
to start all services, but could be run at user login instead I believe, or 
whatever other approach you have to execute scripts as elevated admin processes.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
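
The following is an added example, not part of the original message: a sketch of the startup script such a SYSTEM task could run, which refuses to start services unless it is elevated and then starts every service registered with cygrunsrv. The task name, script path and the `C:\cygwin64` install location are assumptions.

```shell
#!/bin/sh
# Added example: script for a scheduled task that runs as SYSTEM at startup.
# Register once from an elevated prompt (task name and paths are assumptions):
#   schtasks /Create /TN "CygwinServices" /SC ONSTART /RU SYSTEM /RL HIGHEST ^
#     /TR "C:\cygwin64\bin\bash.exe -l /usr/local/bin/start-cygwin-services.sh --run"

# Overridable so the logic can be exercised without Cygwin installed.
CYGRUNSRV=${CYGRUNSRV:-cygrunsrv}

# is_elevated UID "GID LIST": true for SYSTEM (uid 18, as in the getent output
# in the thread) or when the group list contains 544 (BUILTIN\Administrators),
# which Cygwin reports only for an elevated token.
is_elevated() {
    [ "$1" = 18 ] && return 0
    for g in $2; do
        [ "$g" = 544 ] && return 0
    done
    return 1
}

# start_services: read service names on stdin, start each one, print the names
# that failed to start, and return 1 if any did.
start_services() {
    failed=0
    while IFS= read -r svc; do
        [ -n "$svc" ] || continue
        if ! "$CYGRUNSRV" -S "$svc" </dev/null; then
            echo "$svc"
            failed=1
        fi
    done
    return "$failed"
}

if [ "${1:-}" = "--run" ]; then
    if ! is_elevated "$(id -u)" "$(id -G)"; then
        echo "not elevated: expect drop_privileges/setuid failures" >&2
        exit 1
    fi
    # cygrunsrv -L lists the services installed through cygrunsrv.
    "$CYGRUNSRV" -L | start_services
fi
```

Running as SYSTEM grants every service this script starts full local privileges, so the script file and its directory should be writable only by administrators.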

