Re: [Exim] Exim and IBM DB2

Author: Philip Hazel
Date:  
To: Sheldon Hearn
CC: Sean Witham, Exim Users Mailing List
Subject: Re: [Exim] Exim and IBM DB2
On Wed, 19 Dec 2001, Sheldon Hearn wrote:

> > Sorry, Sheldon, but I'm afraid that's not true. An Exim delivery process
> > retains privilege until after it has done local deliveries. Each local
> > delivery is done in a subprocess which throws away privilege, but the
> > controlling process retains privilege.
>
> Oooer. :-(
>
> This could be avoided if each delivery process were exec()'d, though,
> yes?


No, it cannot be avoided. Most delivery processes *are* exec()'d,
precisely in order to obtain privilege. The delivery process needs
privilege so that it can run sub-processes which each become the
relevant user for local delivery.

This can only be avoided if you are running in a restricted environment
where either no local deliveries are done, or they are all done as the
exim user, and you don't want .forward file support. As documented in
section 46.2 in the Exim 4 manual, "Running Exim without privilege".


--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
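
The process model described in this message (a controlling process that keeps its privilege while each local delivery runs in a subprocess that throws privilege away), sketched in C as an added illustration. This is not Exim source code; `deliver_as`, `drop_privilege` and `local_delivery` are hypothetical names, and the demo delivers as the invoking user so that it runs without root.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Irreversibly become uid/gid. Order matters: supplementary groups first,
 * then gid, then uid, because after setuid() the groups can no longer change. */
static int drop_privilege(uid_t uid, gid_t gid)
{
    /* Only root may change the group list; clear it when leaving root. */
    if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop took effect and cannot be undone. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Hypothetical stand-in for work done as the recipient (mailbox write, .forward). */
static int local_delivery(void)
{
    return 0;
}

/* Controlling process: keeps its own identity and runs one delivery in a child
 * that becomes the target user. Returns the child's exit status, or -1. */
int deliver_as(uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privilege(uid, gid) != 0) _exit(2);   /* never deliver unprivileged-drop failures */
        _exit(local_delivery() == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed demo: deliver as the invoking user. */
    int rc = deliver_as(getuid(), getgid());
    printf("delivery child exited %d; parent euid still %d\n", rc, (int)geteuid());
    return rc;
}
```

Started as root, the parent could call `deliver_as` for a different user on every delivery, which is why the controlling process has to keep its privilege; started unprivileged, only deliveries as its own user succeed.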