On Thu, 28 Jun 2001, Sheldon Hearn wrote:
> As an aside, I'd urge you to leave these values out of the compile-time
> options and supply them as values in the configuration file. That way,
> you can use names instead of numbers, which may become an issue as your
> installation grows beyond a single host.
I have to differ here. It is (IMHO) much safer to have these values
built into the binary once and for all. No risk of screwing up as a
consequence of an accident while editing the runtime config.
In fact, in Exim 4 you will be required to supply values at compile
time, though you could supply 0,0 and still override in the runtime
configuration if you really want to.
Where you specify the uid does in fact make a difference. Here is a
comment from the Exim source, in code with comes before the runtime
configuration is read:
/* If the configuration file name has been altered by an argument on the
command line (either a new file name or a macro definition) and the caller is
not root or the exim user, or if this is a filter testing run, remove any
setuid privilege the program has, and run as the underlying user. */
The "exim user" that is referred to at that point is the value built
into the binary (obviously, really, since it hasn't read the runtime
configuration yet). This has to happen this way so that unprivileged
users can't use -C to read files to which they have no access.
Further down in the Exim code, we have
/* If we have removed the setuid privilege because of -C or -D, and it turns
out we were running as the exim user defined in the configuration file, log
an error, because this doesn't work. The exim user has to be built into the
binary for -C/-D to retain privilege. */
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
