Re: [Exim] unable to set gid or uid

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Norihisa Washitake
CC: exim-users
New-Topics: It worked with 'no_verify' (Re: [Exim] unable to set gid or uid)
Subject: Re: [Exim] unable to set gid or uid
On Tue, 9 Apr 2002, Norihisa Washitake wrote:

> > > > > -rwsr-xr-x 1 root root 533266 Apr 8 00:09 exim-4.02-10
> > > > > -rwxr-xr-x 1 root root 533266 Apr 8 04:15 exim-4.02-10.daemon


> I'm starting the daemon as root.
> I sometimes HUP the daemon, but nothing changes.
> Two binaries are identical, because I just copied exim-4.02-10.daemon
> from exim-4.02-10 by 'cp' command. So time stamps are different.


That won't necessarily work. When you compile Exim, you specify
BIN_DIRECTORY. From this, Exim contructs its own pathname. When you HUP
the daemon, or when Exim re-execs itself in order to regain privilege,
it uses the path name that is in the binary, unless you have changed
exim_path in the configuration.

If you start the daemon as root using the second binary, and then HUP
it, Exim will re-exec the first binary (assuming you specified
BIN_DIRECTORY correctly). Actually, since that is setuid, it should
work.

I don't understand what you are actually trying to achieve by this
split. It doesn't seem to gain you anything. But I don't think it is the
cause of the problem.

> Now, what I think strange is, that exim can deliver mails to users'
> home directories under users' ownership with 700 permission.
> It seems exim can setuid to some user in appendfile driver, but
> can not in redirect driver?


It depends when it is running the router. You originally posted this:

> 2002-04-08 01:15:59 unable to set gid=12 or uid=505 (euid=8):
>                     system_aliases router
> 2002-04-08 01:16:01 internal problem in system_aliases router:
>                     failure to transfer data from subprocess


There are no message IDs in those log lines. I think this is the clue.
What caused this logging to happen? I suspect it was during a
verification process while Exim was receiving a message, not during a
delivery. (During a delivery, there would be a message ID.)

> system_aliases:
> driver = redirect
> allow_fail
> allow_defer
> domains = chimons.org:
> data = ${lookup{$local_part}lsearch{/etc/aliases}}
> user = fml
> group = mail
> file_transport = address_file
> pipe_transport = address_pipe


What are the contents of /etc/aliases? Are there any :include: entries?
If there are, Exim will try to change uid/gid in order to read the
included files. It cannot do this while it is receiving a message,
because it is running as exim, not as root.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.