Re: [Exim] never_users=root

Pàgina inicial
Delete this message
Reply to this message
Autor: Willie Viljoen
Data:  
A: exim-users
Assumpte: Re: [Exim] never_users=root
On Friday 21 February 2003 15:35, you wrote:
> Did you copy this to the mailing list?


I seem to have forgotten to CC the list, thanks catching that, I'll resend
to them right away :)

I also can't believe anyone
> would be daft enough to compile exim to run as root - amazing.


Stranger things have happened, don't tell anybody I said so, but I'll bet
this guy is a "highly qualified IT professional", yay. I've seen people do
this before, usually it's because they started out with some "made for
market" SuSE or Red Hat automatic installation, and when they compiled Exim
properly, it couldn't deliver because they forgot to set proper permissions
on most of /var, then they recompile and run as root. I'm amazed this guy
has even gone to the trouble of asking, mostly they just comment out
never_users = root and report it as a bug ;)

Will

>
> On Fri, 2003-02-21 at 13:34, Willie Viljoen wrote:
> > Exim can really use any user you like, as long as that user is not on
> > the never_users list. However, compiling it to run as root is a
> > *REALLY* stupid idea. If there is a security hole in the code, your
> > system can be fully compromised by a remote atacker.
> >
> > Virtually all systems have a user mail (UID 8) and a group mail (GID
> > 12) for handling this. Compile with EXIM_USER=mail and EXIM_GROUP=mail
> > and then set never_users = root in your configuration file.
> >
> > As long as permissions on your spool directory and /var/mail are
> > correctly set up, Exim does not ever need to run as root.
> >
> > Will
> >
> > On Friday 21 February 2003 15:23, Konrad Michels wrote:
> > > I may be mistaken, but I'm sure you're supposed to set the
> > > compile-time option of EXIM_USER= to something OTHER than root. At
> > > least this is the way I've always compiled exim! Assuming you have a
> > > user "exim" on your system, set the EXIM_USER= to "exim", recompile
> > > and you should be able to uncomment "never_user" so that it works
> > > properly.
> > >
> > > Later
> > > Konrad
> > >
> > > On Fri, 2003-02-21 at 13:23, Michael Daly wrote:
> > > > Hi,
> > > >
> > > > I am using exim 4.12 on suse linux 8.0 and can not get it working
> > > > with never_users=root defined (this worked for me with exim3.xx).
> > > > The spool and log files all have set to user root and group root. I
> > > > compiled the source code with EXIM_USER=root. With never_users
> > > > commented out exim works fine but I get the impression it should be
> > > > included.
> > > >
> > > > Michael.
> > > >
> > > > ###################################################################
> > > >### 2003-02-21 09:25:29 18m9QZ-0002OA-00 <= root@???
> > > > U=root P=local S=311
> > > > 2003-02-21 09:25:29 18m9QZ-0002OA-00 User 0 set for remote_smtp
> > > > transport is on the never_users list
> > > > 2003-02-21 09:25:29 18m9QZ-0002OA-00 == yorksmdaly@???
> > > > R=dnslookup T=remote_smtp defer (-29): User 0 set for remote_smtp
> > > > transport is on the never_users list
> > > > ###################################################################
> > > >###
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > ## List details at http://www.exim.org/mailman/listinfo/exim-users
> > > > Exim details at http://www.exim.org/ ##
> > >
> > > --
> > > *********************************************************************
> > >** *
> > > * Konrad Michels
> > > * System Administrator
> > > * Surfkitchen Limited
> > > * Abbey House
> > > * 1650 Arlington Business Park
> > > * Theale
> > > * RG7 4SA
> > > * United Kingdom
> > > * Tel: +44 118 929 8079
> > > *
> > > *********************************************************************
> > >**
> > >
> > > --
> > >
> > > ## List details at http://www.exim.org/mailman/listinfo/exim-users
> > > Exim details at http://www.exim.org/ ##


--
Willie Viljoen
Freelance IT Consultant

214 Paul Kruger Avenue, Universitas
Bloemfontein
9321
South Africa

+27 51 522 15 60
+27 51 522 44 36 (after hours)
+27 82 404 03 27 (mobile)

will@???