Re: [Exim] TLS and root priv

Página Inicial
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
Para: Tim Waugh
CC: exim-users
Assunto: Re: [Exim] TLS and root priv
On Sat, 17 Feb 2001, Tim Waugh wrote:

> With exim running as user mail group mail, exim can't read the SSL
> certificate (only readable by root). To quote the reporter,


It is clearly documented that if you set an Exim uid/gid, it runs as
that user when receiving mail. It gives up all root privilege once the
daemon has bound to port 25. So if you want it to read certificate
files, they have to be readable by that user.

> "Would it be better to read the config, read certificates to memory
> first and than change uid/gid to specified in config."


Exim is flexible. The certificate required can vary, depending on the
connecting host (and anything else you like - day of the week,
whatever). So it would need to read all possible certificates that it
might ever require. I do not think this is sensible.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.