Hi,
I recently upgraded to Exim 4.05 (from 3.something). I'm seeing some
occasional messages like the following in my log:
... unable to set gid=39 or uid=32767 (euid=8): system_aliases router
... temporarily rejected RCPT <...>: internal problem in system_aliases
router: failure to transfer data from subprocess
I have a pretty standard system_aliases router:
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}dbm{/etc/mail/aliases}}
user = nobody
file_transport = address_file
pipe_transport = address_pipe
gid 39 is 'nobody' and uid 32767 is the user 'nobody', and uid 8 is 'mail'
(the exim user).
The strange thing is that the system_aliases router works fine most of the
time. Exim will deliver to aliases like:
postmaster: root
majordomo: "| /usr/pkg/libexec/majordomo/wrapper majordomo"
However, exim fails to deliver (and generates the above error) for
aliases like
mylist: :include:/home/majordom/lists/mylist
So what is different about the way :include: is procecssed from how pipes
are processed by the redirect router? I haven't been able to find a
detailed description of when exactly exim is supposed to do setuids in the
docs (and I haven't got around to digging through the source yet). I know
the process accepting SMTP input is running as the exim_user, but is its
real UID still root (i.e. could it reclaim its root privledges)?. If not,
does it just write any message requiring other priveledges to the queue so
that its picked up by a process with real-uid of root?
Any ideas? Thanks,
Rick