Re: [Exim] Non root operation

Top Page
Delete this message
Reply to this message
Author: Peter Radcliffe
Date:  
To: exim-users
Subject: Re: [Exim] Non root operation
Mathew Johnston <johnston@???> probably said:
> It doesnt sound like I've explained it correctly...


No, I understand.

> I want to run exim as a normal user, and give that user
> only the permissions to modify the particular files relating
> to mail. I do not want to run exim as root, I dont want it
> changing to the user id of the user that it's delivering to,


This is trivial.

> and I dont want to have to give it root to let it listen on
> port 25.


Unless your OS allows non-root users to bind to low ports, this is
impossible. It must have root privs, however briefly, to bind to
port 25.

I have exim on relay machines running as user 'exim', suid user
'exim', the only time it is run as root is the initial startup when
the machine boots or I restart exim to bind to port 25 and then it
quickly runs as the exim user as soon as it has bound and never
regains root privs, and is not suid root.

> I want to use LIDS and ACLs or heavy use of groups to provide
> this functionality, but I fear that because exim wasnt
> designed to do this (it was designed to run as root it sounds),
> it'll try to switch effective UIDS even when it doesnt have
> permissions to, even though it has the permissions to write
> to the files that it wants to as it's self.


exim has an option, which I even specificly pointed you at,
to run as it's own user. RTFM.

If you use this option, which is fully documented, it will not
try to switch UIDs. RTFM.

> Because its more complex to do this ACL/LIDS/groups concept,
> not every one will want to use it, and it shouldnt be default,
> but for those willing to put in the extra work, is it not
> reasonable to provide a configuration option to let exim
> assume that it has the permissions to deliver the mail as it's
> self?


RTFM.

P.

-- 
pir                  pir@???                    pir@???