Re: [Exim] Solaris 2.6, Perl 5.6.1, exim 3.22 - Can't open p…

Top Page
Delete this message
Reply to this message
Author: Sheldon Hearn
Date:  
To: Gustav H Meyer
CC: Philip Hazel, exim-users
Subject: Re: [Exim] Solaris 2.6, Perl 5.6.1, exim 3.22 - Can't open pipe

On Thu, 28 Jun 2001 17:57:35 +0200, Gustav H Meyer wrote:

> Ok guys, thanks for all the help you guys are great. To make a
> long story short. I recompiled exim with EXIM_UID=0 and EXIM_GID=1
> and now all is working. I guess that is what you mean by "Make exim
> setuid root"?


Not really. :-)

Now Exim will always run as root. If you're concerned about security
exposure, this isn't ideal.

You probably want to configure Exim to run as a non-priveleged user,
by changing the configure file, e.g.

    exim_user = exim
    exim_group = mail


Then, you should make the exim binary setuid root, e.g.

    chmod u+s /usr/local/sbin/exim


This way, any user will execute Exim with root privelege until Exim sees
fit to drop privelege and become user exim. You could get more paranoid
than this, but not without sacrificing the ability to deliver into
mailboxes that aren't group-writable to the exim_group.

Ciao,
Sheldon.