Re: [Exim] uid/gid

Author: Midwest Mold
Date:  
To: Philip Hazel
CC: Sheldon Hearn, exim
Subject: Re: [Exim] uid/gid
So how do I select the proper uid/gid? Do I randomly select a number out of a hat,
or are there specific considerations I don't know about? I would rather not wreck
the entire system by my ignorance.
Thanks!
Tim spencer

Philip Hazel wrote:

> On Thu, 28 Jun 2001, Sheldon Hearn wrote:
>
> > As an aside, I'd urge you to leave these values out of the compile-time
> > options and supply them as values in the configuration file. That way,
> > you can use names instead of numbers, which may become an issue as your
> > installation grows beyond a single host.
>
> I have to differ here. It is (IMHO) much safer to have these values
> built into the binary once and for all. No risk of screwing up as a
> consequence of an accident while editing the runtime config.
>
> In fact, in Exim 4 you will be required to supply values at compile
> time, though you could supply 0,0 and still override in the runtime
> configuration if you really want to.
>
> Where you specify the uid does in fact make a difference. Here is a
> comment from the Exim source, in code which comes before the runtime
> configuration is read:
>
> /* If the configuration file name has been altered by an argument on the
> command line (either a new file name or a macro definition) and the caller is
> not root or the exim user, or if this is a filter testing run, remove any
> setuid privilege the program has, and run as the underlying user. */
>
> The "exim user" that is referred to at that point is the value built
> into the binary (obviously, really, since it hasn't read the runtime
> configuration yet). This has to happen this way so that unprivileged
> users can't use -C to read files to which they have no access.
>
> Further down in the Exim code, we have
>
> /* If we have removed the setuid privilege because of -C or -D, and it turns
> out we were running as the exim user defined in the configuration file, log
> an error, because this doesn't work. The exim user has to be built into the
> binary for -C/-D to retain privilege. */
>
> --
> Philip Hazel            University of Cambridge Computing Service,
> ph10@???      Cambridge, England. Phone: +44 1223 334714.
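
The two checks described in the quoted source comments, as an added example that is not Exim's code and not part of the original message: the drop decision uses only the caller's real uid and a compiled-in uid, so it can be taken before any file named with -C is opened. All function names are hypothetical and the uid 93 is a constructed sample value.

```c
#include <stdbool.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: stands in for the exim uid fixed at build time. */
#ifndef BUILTIN_EXIM_UID
#define BUILTIN_EXIM_UID ((uid_t)93)   /* constructed sample value */
#endif

/* Decide, before the runtime configuration is read, whether setuid
   privilege must be given up. Nothing in the file named with -C can
   influence the answer, because only compiled-in data is consulted. */
bool must_drop_privilege(uid_t real_uid, bool config_changed, bool filter_test)
{
    bool trusted = (real_uid == 0 || real_uid == BUILTIN_EXIM_UID);
    return filter_test || (config_changed && !trusted);
}

/* The later check: privilege was removed, yet the caller matches an exim
   user that is defined only in the runtime configuration. */
bool runtime_only_exim_user(bool dropped, uid_t real_uid, uid_t runtime_exim_uid)
{
    return dropped && real_uid == runtime_exim_uid
                   && real_uid != BUILTIN_EXIM_UID;
}

/* Give up setuid privilege and run as the underlying user. The gid goes
   first: once the uid is dropped the process can no longer change it.
   Returns 0 on success, -1 if any privilege remains. */
int drop_to_real_user(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (ruid != 0 && setuid(0) == 0)   /* must not be able to regain root */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed call: local uid 1000 invoking the binary with -C. */
    if (must_drop_privilege(1000, true, false) && drop_to_real_user() != 0)
        return 1;
    return 0;
}
```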