Re: [Exim] Exim and PAM, again

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Phil Pennock
Date:  
À: exim-users
Sujet: Re: [Exim] Exim and PAM, again
On 2000-09-13 at 16:45 +0100, Christi Alice Scarborough gifted us with:
> Assumning this is correct, why doesn't adding the exim user to group
> shadow make this work?


Because Exim is a setuid root binary, which when acting as a daemon (and
assuming that it doesn't go into unprivileged mode) will set itself to
the user/group ids defined in the Makefile. It doesn't call
initgroups() and so the entry in /etc/group is never seen.

Exim uses initgroups on a transport if told to use the 'initgroups'
option, but AFAIK there is no 'transport' associated with incoming SMTP.
If there were, a _lot_ of config would move out of the main config
section. :^)

You either remake Exim in group shadow, or you consider alternatives.

Ie, write a daemon or use pam_pwdfile and avoid system passwords.
--
A science is said to be useful if its development tends to accentuate the
existing inequalities in the distribution of wealth, or more directly promotes
the destruction of human life - Godfrey Hardy, A Mathematician's Apology, 1941