By default, the /usr/lib/courier/courier/submit binary used by courier to add message to the mail queue is readable and executable only by user mail or group mail. When normal users try to run sendmail, it finds that it cannot execute submit, prints an error message, and exits. /usr/bin/sendmail is installed as being owned by root:mail. Making it setuid allows normal users to send mail. (According to the courier documentation, setting it setgid only sets the effective gid to mail; http://www.courier-mta.org/install.html#suid has more info.) IMO, /usr/bin/sendmail should be set setuid when installed; if not, the ebuild should output a message warning the user. jsailor@gentoo ~ $ sendmail sendmail: ERR: Permission denied 432 Service temporarily unavailable. jsailor@gentoo ~ $ sudo chmod u+s /usr/bin/sendmail jsailor@gentoo ~ $ sendmail To: jsailor@jesnetplus.com Subject: test Testing... ^Djsailor@gentoo ~ $ sudo emerge --info Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.5-r0, 2.6.11-gentoo-r4 i686) ================================================================= System uname: 2.6.11-gentoo-r4 i686 AMD Athlon(tm) XP 2800+ Gentoo Base System version 1.6.12 Python: dev-lang/python-2.3.5 [2.3.5 (#1, Apr 30 2005, 14:33:29)] distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.10 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.5, 1.8.5-r3, 1.6.3, 1.7.9-r1, 1.9.5, 1.4_p6 sys-devel/binutils: 2.15.92.0.2-r10 sys-devel/libtool: 1.5.18-r1 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=athlon-xp -O2 -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/cups/docs/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-march=athlon-xp -O2 -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j1" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="x86 X aalib acl acpi aim alsa apm avi berkdb bitmap-fonts bzlib calendar cdr cdrom cgi chroot cracklib crypt cups curl emboss encode escreen esd ethereal exif expat fam fbdev foomaticdb force-cgi-redirect fortran ftp gcj gd gdbm gif gimpprint gpm gtk gtk2 icq idea imagemagick imap imlib ipv6 ithreads jabber java jikes jpeg libg++ libwww mad maildir matroska mikmod motif mp3 mpeg mpeg4 mplayer msn mysql ncurses nls nptl objc ogg oggvorbis opengl oss pam pcre pdflib perl plotutils png ppds procmail pthreads python readline samba skey slang spell ssl svga symlink tcltk tcpd threads tiff transcode truetype truetype-fonts type1-fonts usb vhosts vim-with-x vorbis wxwindows xml2 xv xvid zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
Should be in cvs shortly. I went with a warning instead of making yet another thing suid that doesn't need to be under most circumstances.