Re: [EXIM] permissions for non-root exim

Top Page
Delete this message
Reply to this message
Author: Peter Radcliffe
Date:  
To: eml
Subject: Re: [EXIM] permissions for non-root exim
"V. T. Mueller" <vtmue@???> probably said:
> Specifying a UID for exim to run under brought up a few 'problems':
> Exim runs as bin:mail. One point was that I wanted it to write its


I would _really_ not recommend this.
The bin user owns many system programs which are run by root predictably
and in theory with exim running as bin if any problems are discovered
with exim itself you might be able to overwrite said root run binaries and
get root ...

> logfiles next to all other logfiles in /var/adm/syslog/. Since /var/adm/
> is set to 750 I had to add access for bin:mail using ACLs - that one works
> fine and could be done in a minute.


I keep my exim logs in /var/log/exim, which I have owned by my exim user.

> 04vb-00 == vtmue@??? T=local_delivery defer (13):
> Permission denied: creating lock file hitching post
> /var/mail/vtmue.lock.heaven.ruf.uni-freiburg.de.3648a254.00004a05
> 21:36:56 0zdKX2-00
>
> didn't exist while running exim as root:root. The point is that I'm not
> keen on adding ACLs for every local user to /var/mail. How about using a
> different directory for lock files? If so, could this be specified as a
> runtime configurable Option (I couldn't find anything appropriate in the
> specs)? Any other ideas?


What are the permissions on /var/mail ?

The usual method for dealing with /var/mail writing as the user is
having it world writable, but sticky, a'la /tmp.
I don't like this, so I deliver to home directories.

P.

-- 
pir               pir@???      pir@???      pir@???



--
*** Exim information can be found at http://www.exim.org/ ***