Re: [Exim] Non root operation

Top Page
Delete this message
Reply to this message
Author: Mathew Johnston
Date:  
To: exim-users
Subject: Re: [Exim] Non root operation
It doesnt sound like I've explained it correctly...

I want to run exim as a normal user, and give that user
only the permissions to modify the particular files relating
to mail. I do not want to run exim as root, I dont want it
changing to the user id of the user that it's delivering to,
and I dont want to have to give it root to let it listen on
port 25.

I want to use LIDS and ACLs or heavy use of groups to provide
this functionality, but I fear that because exim wasnt
designed to do this (it was designed to run as root it sounds),
it'll try to switch effective UIDS even when it doesnt have
permissions to, even though it has the permissions to write
to the files that it wants to as it's self.

Because its more complex to do this ACL/LIDS/groups concept,
not every one will want to use it, and it shouldnt be default,
but for those willing to put in the extra work, is it not
reasonable to provide a configuration option to let exim
assume that it has the permissions to deliver the mail as it's
self?

Mathew Johnston

On Wed, Mar 07, 2001 at 09:00:06PM -0500, Peter Radcliffe wrote:
> Mathew Johnston <johnston@???> probably said:
> > -Provide exim capability to bind ports
> > lower than 1024. (via LIDS or something else)
>
> Start it as root when the machine boots with -bd.
>
> > The only problem that I forsee, is that exim
> > will still want to be able to assume a different
> > euid for delivery. Therefore, I'm proposing a
> > configuration option in the config file that lets
> > you tell exim to do everything under it's own user's
> > uid, and not change at all.
>
> RTFM security = unprivileged
>
> P.
>
> -- 
> pir                  pir@???                    pir@???

>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##