On Thu, 15 May 1997, Jon Morby wrote:
> I've started seeing exim complaing it can't setgroup() occasionally ..
>
> exim: setgroups() failed: Operation not permitted
> LOG: 0 MAIN
> Process failed (1) when writing error message to faults-request@???
> delivering message 0wRxJJ-0000dn-00
> LOG: 0 MAIN
> ** karim@???: unknown local-part "karim" in domain "demon.co.uk"
> Debug level set to 1
> exim: setgroups() failed: Operation not permitted
> LOG: 0 MAIN
>
> I remember discussion about this recently on the list, and a change between
> 1.61 and 1.61 (not that we had been Exim prior to 1.62 in this function).
The code currently reads as follows:
if (setgroups(0, NULL) != 0)
{
if (setgroups(1, group_list) != 0)
{
fprintf(stderr, "exim: setgroups() failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
}
It is obeyed near the start of Exim. Previously it just did
setgroups(0, NULL);
but this was found not to work with all OS. Now, you need to be root to
run setgroups(). It suggests that somehow Exim isn't starting up as root
when being called recursively to generate an error message. You don't by
any chance, have two copies of the binary, one setuid root and the other
not, and the configuration option exim_path is set to the non-setuid
one? No, I thought not. Hmm. I wonder what else might be causing this.
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714
