ph10@??? said:
> It is worth pointing out explicitly that it is indeed possible to do
> this with Exim. If all the local deliveries can be run as exim (or you
> don't do any local deliveries), and you don't need to change uid to
> read .forward files (or you don't have any .forward files), and you
> can live without the ability to HUP the daemon (or you don't use a
> daemon) then the Exim binary can be setuid exim rather than setuid
> root and you can run with security=unprivileged.

You could also pretty much use this config with an external (to exim)
MDA final delivery agent - the /bin/mail, procmail, deliver type setup
used by sendmail.

The exim binary would need to be setuid to something other than root if
other owned processes were invoking it.

Another method of getting a daemon running without requiring root would
be to have it started by inetd in wait mode - this would need some
small code changes to exim to allow it to accept a port 25 as stdin and
then hold that as a daemon socket.

Nigel.
--
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
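
The inetd wait-mode idea from the message above, as an added C example that is not part of the original post and is not Exim code: a process started by inetd can check whether fd 0 is an already-bound listening socket and keep it as its daemon socket, so it never needs root to bind port 25 itself. The function names are hypothetical, and the loopback listener on an ephemeral port is a constructed stand-in for the socket inetd would hand over.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: classify an inherited descriptor.
 *  1 = listening socket (inetd "wait" mode: keep it and accept() on it)
 *  0 = socket that is not listening (inetd "nowait": one connected session)
 * -1 = not a socket at all (not started by inetd) */
int inherited_listener(int fd)
{
    int listening = 0;
    socklen_t len = sizeof listening;
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &listening, &len) < 0)
        return -1;
    return listening ? 1 : 0;
}

/* Constructed stand-in for the port 25 socket that inetd, running as
 * root, would bind: a loopback listener on an ephemeral port. */
int make_loopback_listener(void)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0; /* kernel picks an unprivileged port */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 5) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Under inetd wait mode the listening socket arrives as stdin. */
    switch (inherited_listener(STDIN_FILENO)) {
    case 1:  puts("fd 0 is listening: hold it as the daemon socket"); break;
    case 0:  puts("fd 0 is a connected socket: serve one session"); break;
    default: puts("fd 0 is not a socket: not started by inetd"); break;
    }
    return 0;
}
```

Because the privileged bind happens in inetd, the mail binary in this arrangement only ever sees a descriptor it can accept() on, which is what lets it run under a non-root uid.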