Cron: What are the requirements for setuiding sendmail?

According to the NixOS manual,

services.cron.systemCronJobs

A list of Cron jobs to be appended to the system-wide crontab. See the manual page for crontab for the expected format. If you want to get the results mailed you must setuid sendmail. See security.wrappers

I’m confused about the setuid requirement for sendmail. Why does sendmail have to be setuided? What user/group should the sendmail executable be owned by?

I know I’m not really answering your questions, but you’re likely to have a much nicer experience using systemd timers instead of cron.

2 Likes

Wild guess: the sendmail binary is run under the user that the crontab was executed as, which normally has no permissions?

Also you should really use a systemd timer.

1 Like

I keep forgetting to reply to this thread

That’s actually very helpful (I had forgotten about systemd timers). I had a significant amount of trouble getting msmtpq to work properly in a systemd service, but now that I’ve done that, I’m happy with the result.

I decided to submit this pull request since both of you are recommending systemd timers.

We’ve also made some very recent changes to the msmtpq script distributed with msmtp to ensure that all dependencies are declared rather than falling back on the system environment, which may not work when run through systemd. So unstable, as of about a week ago, will be much more robust and less likely to break in case of upstream changes.

@JasonYundt, sorry, I didn’t realize you were JayMan2000 on GitHub. So you’re aware of this of course.