Re: frozen messages

Author: Philip Hazel
Date:  
To: Niels Provos
CC: Nigel Metheringham, exim-users
Subject: Re: frozen messages

On Thu, 19 Dec 1996, Niels Provos wrote:

> That means check_local_user only works if you set exim_user and use
> seteuid in the security setting ?


Firstly, check_local_user does more than one thing. It always checks
that the local_part is a valid local user. The business about uids is
secondary. The comment in the code says:


/* If the seteuid option is on and a uid is available (either explicit or as a
result of check_local_user), use seteuid() to become the local user. This is
necessary in order to read .forward files that are in NFS-mounted home
directories. The macros expand to -1 on systems without setuid() configured,
but in those cases this code is never obeyed, as the option is locked out in
the init check.

Even if the seteuid option is not on, we need to do this when the security
level is 1 or 3, because in those cases this code is running seteuid to exim.
But only when a uid is available. */


[Explanation: the "seteuid" option referred to is the option on the
forwardfile director, not the overall setting; security level 1 is
"seteuid", 3 is "setuid+seteuid" in the global setting.]

So, if you had not set up an exim user, it should have been running as
root when trying to read the .forward file.


--
Philip Hazel                   University Computing Service,
ph10@???             New Museums Site, Cambridge CB2 3QG,
P.Hazel@???          England.  Phone: +44 1223 334714
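
The identity switch described in the quoted code comment, sketched as an added C example; it is not Exim's code and not part of the original message. The names `read_as_user` and `make_sample_forward` are hypothetical, the sample `.forward` content is constructed, and supplementary groups are left unchanged for brevity.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper, not Exim's code: read `path` with the effective uid/gid
   set to the local user, restore the caller's ids, return bytes read or -1. */
ssize_t read_as_user(uid_t uid, gid_t gid, const char *path, char *buf, size_t len)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid();
    ssize_t n = -1;
    int fd;
    if (len == 0) { errno = EINVAL; return -1; }
    /* Group first: once the euid is non-root, setegid() may be refused. */
    if (setegid(gid) != 0) return -1;
    if (seteuid(uid) != 0) goto restore_gid;
    fd = open(path, O_RDONLY);      /* access is checked against uid/gid */
    if (fd >= 0) n = read(fd, buf, len - 1);
    if (fd >= 0) close(fd);
    if (n >= 0) buf[n] = '\0';
    /* A failed restore is fatal: never carry on under the wrong identity. */
    if (seteuid(old_uid) != 0) abort();
restore_gid:
    if (setegid(old_gid) != 0) abort();
    return n;
}

/* Write a constructed sample .forward to a temp file (tmpl is filled in). */
int make_sample_forward(char *tmpl)
{
    static const char sample[] = "alice@example.org\n";   /* constructed */
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    ssize_t w = write(fd, sample, sizeof sample - 1);
    close(fd);
    return w == (ssize_t)sizeof sample - 1 ? 0 : -1;
}

int main(void)
{
    char path[] = "/tmp/forward-XXXXXX", buf[256];
    if (make_sample_forward(path) != 0) return 1;
    ssize_t n = read_as_user(geteuid(), getegid(), path, buf, sizeof buf);
    printf("read %zd bytes: %s", n, n > 0 ? buf : "(none)\n");
    unlink(path);
    return n > 0 ? 0 : 1;
}
```

Run unprivileged, the helper only accepts the caller's own ids; run as root with a local user's uid and gid, the open is checked against that user's permissions.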