Secure majordomo

[Gary Thandi <Gary . Thandi @ 360 . net>]

Hi All,

My configuration is: 
Solaris 8
Sendmail with smrsh 8.12.7 (from sendmail.org compiled for Solaris 8)
Majordomo 1.94.5

I've done a bunch of research on setting up Sendmail securely, but I'm still
a little stuck.  I believe my problems are due to permissions and not using
TrustedUsers and RunAsUser correctly.

There are so many conflicting recommendations out on the Net as to how you
can cludge your permissions to get this working.  It's difficult to know who
to trust and I want to make sure I've tightened things properly.

With this configuration, newaliases -v gives permission errors and
ultimately mail via majordomo is not delivered.

Here are the relevant entries out of /etc/passwd
majordomo:x:MUID:MGID:Majordomo Admin:/loc01/users/majordomo:/bin/ksh
smmsp:x:SUID:SGID::/loc01/users/smmsp:/bin/false

Here are the relavant entries out of /etc/group
mail::6:root
majordomo::MGID:majordomo
smmsp::SGID:smmsp
*Note I've removed the actual group and user IDs **

Details from /etc/mail/sendmail.cf
# Trusted user for file ownership and starting the daemon
O TrustedUser=smmsp
# what user id do we assume for the majority of the processing?
O RunAsUser=root
# Alias files
O AliasFile=/etc/mail/aliases,/etc/majordomo.aliases

Permissions
-rwxr-sr-x   1 root     smmsp     634760 Jan 30 08:34 /usr/lib/sendmail
-r-x--x--x   1 root     other      70796 Jan 30 10:02 /usr/lib/smrsh
drwxr-xr-x  36 root     sys         4096 Feb 12 23:58 /etc
drwxr-xr-x   2 smmsp    smmsp       1024 Feb 12 15:52 /etc/mail
-rw-r--r--   1 smmsp    smmsp        153 Nov 20 15:16 /etc/mail/Mail.rc
-rw-r--r--   1 smmsp    smmsp       1256 Feb 12 15:52 /etc/mail/aliases
-rw-r--r--   1 smmsp    smmsp          0 Nov 22 08:11 /etc/mail/aliases.dir
-rw-r--r--   1 smmsp    smmsp       1024 Feb 13 15:35 /etc/mail/aliases.pag
-rw-r--r--   1 smmsp    smmsp         23 Jan 22 11:35 /etc/mail/helpfile
-rw-r--r--   1 smmsp    smmsp         18 Feb 13 12:01
/etc/mail/local-host-names
-rw-r--r--   1 smmsp    smmsp       1829 Nov 20 15:06 /etc/mail/mailx.rc
-rw-r--r--   1 smmsp    smmsp      28806 Nov 20 15:16 /etc/mail/main.cf
-rw-r--r--   1 smmsp    smmsp         14 Dec 11 14:31
/etc/mail/relay-domains
-rw-r--r--   1 smmsp    smmsp      39338 Feb 13 14:53 /etc/mail/sendmail.cf
lrwxrwxrwx   1 root     root           8 Nov 20 15:32 /etc/mail/sendmail.hf
-> helpfile
-rw-r--r--   1 smmsp    smmsp        628 Feb 13 15:27 /etc/mail/statistics
-rw-r--r--   1 smmsp    smmsp      29484 Nov 20 15:16
/etc/mail/subsidiary.cf
-rw-r--r--   1 smmsp    smmsp         21 Jan 30 12:30
/etc/mail/trusted-users
drwxr-xr-x   2 root     bin          512 Jan 30 11:09 /var/adm/sm.bin
drwxr-xr-x   9 root     bin          512 Jan 30 11:33 /var/spool
drwxrwx---   2 smmsp    smmsp        512 Jan 30 11:33
/var/spool/clientmqueue
drwxrwx---   2 root     majordomo     512 Feb 13 15:27 /var/spool/mqueue
lrwxrwxrwx   1 root     other         14 Feb 12 15:49 /etc/aliases ->
./mail/aliases
-rw-r--r--   1 smmsp    smmsp       1256 Feb 12 15:52 /etc/mail/aliases
-rw-------   1 smmsp    smmsp       1259 Feb 11 15:38 /etc/majordomo.aliases

Thanks in advance!