On Tue, Dec 11, 2001 at 12:53:48PM +0200, Sheldon Hearn wrote:
> > 2001-12-11 10:33:42 exim user (uid=33) is defined only at runtime; privilege lost for -C
> If you're seeing this, you're wrong about the Debian packages providing
> compile-time values for exim_user and exim_group.
Maybe I was unclear. I'll try to summarize my situation again:
I use the exim binary that comes with Debian testing, which has
exim_user=mail and exim_group=mail. This is fine with the primary exim
configuration.
For the second one, I wanted to avoid recompiling and I'm just using a
different configuration file. Compile-time defaults are therefore the
same as the Debian ones, since it is the same binary (that is,
exim_user=mail and exim_group=mail), but in the second config file I
have:

    exim_user = www-data
    spool_directory = /var/spool/exim_bulk
    log_file_path = /var/log/exim_bulk/%slog

Here are the directory and file permissions:

    service:~# ls -lad /var/spool/exim_bulk/ /var/log/exim_bulk/
    drwxr-s---  2 www-data adm  4.0k Dec 11 10:22 /var/log/exim_bulk//
    drwxr-x---  5 www-data mail 4.0k Dec 11 11:50 /var/spool/exim_bulk//
    service:~# ls -la /var/log/exim_bulk/
    total 25M
    drwxr-s---  2 www-data adm  4.0k Dec 11 10:22 ./
    drwxr-xr-x 11 root     root 4.0k Dec 11 06:26 ../
    -rw-r-----  1 www-data adm   24M Dec 11 11:58 mainlog
    -rw-r-----  1 www-data adm     0 Dec 11 10:22 paniclog
    -rw-r-----  1 www-data adm     0 Dec 11 10:22 rejectlog

mainlog has been created by exim itself, while the other two have been
created by me to try to make exim write into them, but with no success.
> > Why aren't they going to the logs? mainlog is being written, and the
> > directory it is into is writable by www-data.
> Check your paniclog. Also, how're you going to write to the paniclog
> successfully if you've lost privilege? :-)
The paniclog is empty, but as you can see it is writable by www-data, so
exim should be able to write into it. It is able to write into mainlog,
why not paniclog? Even if I'm losing root privileges, I still have
those of www-data, don't I?
> > Another question: how can I tell the second exim configuration to route
> > the messages to be delivered locally through the first one? When some
> > delivery fails, exim tries to notify the sender by e-mail, but since it
> > is running as www-data it cannot do local deliveries. Should I just
> > tell it that no addresses are local and let it go through the usual MX
> > routing for local messages, too?
>
> Well then there's a reason not to do what you're doing. I don't think
> you can achieve what you want without giving Exim compile-time defaults
> for exim_user and exim_group and not messing around with having the
> queue owned by www-data.
As you can see, the queue IS owned by www-data and exim_user and
exim_group are overridden in the second config file and the logs are
owned by www-data and I have another exim in the same machine that can
do local deliveries and I can use it.
I fear that I'm not explaining myself well, since I feel like I'm
repeating all this over and over, so please tell me if after reading my
messages there's still something unclear to you about my
configuration.
The questions I have now are:
1) Why aren't those messages I get in exim's stderr (as reported in the
previous post) being written to the logs?
2) Can I just say to the second exim that deliveries for the local
hostname and localhost are to be delivered via SMTP to localhost,
where the primary exim is listening?
Thanks a lot for the help you are giving me!
Bye, Enrico