On Thu, Jun 05, 2003 at 09:00:58PM -0400, CaLViN wrote:
> I'm using exim 4.20 on a Debian system, and I try to set up an
> optional aliases file for each domain. I am using "require_files" and
> specified "+/opt/file", but if the file exists but has wrong
> permissions I still get a "failed to open" error and a temporarily
> rejected, instead of the behaviour as documented, that the router is
> skipped.
[...]
> domain_aliases:
> driver = redirect
> allow_fail
> allow_defer
> require_files = +/opt/${domain}/aliases
> data = ${lookup{$local_part}lsearch{/opt/${domain}/aliases}}
> file_transport = address_file
> pipe_transport = address_pipe
[...]
> Now if the file exists, but has permission 000, then I get this error:
>
> 2003-06-06 02:52:27 H=moutvdom.kundenserver.de [212.227.126.250]
> F=<christian@???> temporarily rejected RCPT
> <didi@???>: failed to open
> /opt/wegistdaswiesel.de/aliases for linear search: Permission denied
> (euid=8 egid=8)
>
> I thought that because of the + sign, I would get the same result as
> if the file didn't exist...
Afaict from the code exim per default only checks for existence of the
file if you wanted to check for read-permissions you'd have to specify a
user, perhaps "require_files = +root:/opt/${domain}/aliases" might
work.
This is not evident from the documentation, but it is hinted:
-----------------
Exim performs the check by scanning along the components of the
file path, and checking the access for the given uid and gid. It
checks for 'x' access on directories, and 'r' access on the final
file. Note that this means that file access control lists, if the
operating system has them, are ignored.
-----------------
Persionally I think exim's /behavior/ in this respect is correct,
permssion 000 looks like a configuration error and issueing a
temporary failure correct.
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"