Re: [Exim] Still having permission errors

Author: Dr Andrew C Aitchison
Date:  
To: mcneillk
CC: exim-users
Subject: Re: [Exim] Still having permission errors
On Mon, 16 Jun 2003 mcneillk@??? wrote:

> I am still having a problem with permissions while running exim. I am
> running Mandrake 9.1 and here are the problems I have encountered.
>
> exim is running as user 'mail'
>
> Initial Error message in the exim log:
>
>
> 2003-06-12 15:54:20 Start queue run: pid=2375
> 2003-06-12 15:54:20 19QY5M-0000YO-QW Spool error for /var/spool/exim/input//19QY5M-0000YO-QW-D: Permission denied
> 2003-06-12 15:54:20 End queue run: pid=2375
>
> ownership of the files in /var/spool/exim/input/ is set to the user that
> created the mail(i.e. with mutt) the group is set to mail. the permissions
> on the files are -rw-r-----
>
> After doing chmod g+w to the files in /var/spool/exim/input:
>
> 2003-06-12 15:56:20 Start queue run: pid=2383
> 2003-06-12 15:56:20 19QY5M-0000YO-QW Couldn't create message log /var/spool/exim/msglog//19QY5M-0000YO-QW: Permission denied
> 2003-06-12 15:56:20 End queue run: pid=2383
>
> 19QY5M-0000YO-QW is created but is an empty file
>
> /var/spool/exim and all its subdirectories are set to drwxrwxrwx
>
> It does work, however, if I do a chmod a+s /usr/sbin/exim. How bad is it to
> do this?


You do need chmod u+s, but I don't think you need a+s -
suid root is the right thing to do (in almost all cases).
This is safe (by massive experience over many years, but the code hasn't
been independently audited) since exim stops being root
whenever possible; however without suid-root it can't go back to
being root to deliver the mail.

> Permissions of various directories and of one email msg:
> -rw-r-----    1 mail     mail          269 Jun 16 11:20 19RvmK-0000aC-RJ-D
>
> drwxrwxrwx    2 mail     mail         4096 Jun 11 15:20 db/
> drwxrwxrwx    2 mail     mail         4096 Jun 16 10:40 input/
> drwxrwxrwx    2 mail     mail         4096 Jun 16 10:40 msglog/
>
> drwxrwxrwx    5 mail     mail         4096 Jun 11 15:07 exim/


I can't see why "other" needs any access to those directories.
I have:
ll /var/spool/exim/
drwxr-x---   8 exim     exim         512 May 29 15:17 ./
drwxr-xr-x  10 root     bin          512 Aug  5  2002 ../
drwxr-x---   2 exim     exim         512 Apr  7 18:08 db/
-rw-r--r--   1 root     exim           4 Jun  3 07:50 exim-daemon.pid
-rw-r-----   1 exim     exim          60 May 29 15:17 exim-process.info
drwx------   2 exim     exim        1024 Jun 17 18:31 input/
drwxr-x---   2 exim     exim        2048 Jun 17 04:38 log/
drwxr-x---   2 exim     exim         512 Jun 17 18:31 msglog/



--
Dr. Andrew C. Aitchison        Computer Officer, DPMMS, Cambridge
A.C.Aitchison@???    http://www.dpmms.cam.ac.uk/~werdna
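Added example, not part of the list post or of Exim itself: a small POSIX shell audit that checks a spool tree against the layout in the listing above (no "other" access anywhere, nothing group-writable, input/ at 0700) and checks the exim binary for the u+s-on-root-owned-file setup the reply recommends rather than a+s. It looks only at mode bits, so it runs unprivileged; the exim:exim ownership in the listing needs root to fix and is not enforced here. Assumptions: POSIX `ls -ld` column layout, paths without whitespace, and a spool holding db/, input/, log/ and msglog/. The two fixture trees are constructed test data, one reproducing the poster's drwxrwxrwx tree with a g+w message file and one matching the listing.

```shell
#!/bin/sh
# Added example, not from the list post: audit an Exim spool tree against the
# permissions in Andrew's listing and check the exim binary's setuid bits.
# Assumptions: POSIX "ls -ld" output, paths without whitespace, and a spool
# tree that holds db/, input/, log/ and msglog/.  Ownership is not enforced.

# permission string of a path, e.g. "rwxr-x---" (columns 2-10 of ls -ld)
perm_bits() { ls -ld "$1" | cut -c2-10; }

# the three "other" characters of a path, e.g. "---"
other_bits() { ls -ld "$1" | cut -c8-10; }

# audit_spool SPOOLDIR: returns 0 if the tree is clean, 1 otherwise,
# printing one line per finding.
audit_spool() {
    spool=$1
    rc=0
    for p in $(find "$spool" -print); do
        # 1. Nothing in the spool may grant any permission to "other";
        #    the poster's tree was drwxrwxrwx throughout.
        if [ "$(other_bits "$p")" != "---" ]; then
            echo "other has access: $p ($(perm_bits "$p"))"
            rc=1
        fi
        # 2. Nothing may be group-writable; chmod g+w was the poster's
        #    workaround, and the listing above has no g+w anywhere.
        if [ "$(ls -ld "$p" | cut -c6)" = "w" ]; then
            echo "group-writable: $p ($(perm_bits "$p"))"
            rc=1
        fi
    done
    # 3. input/ holds the -D and -H spool files; the listing has it at 0700.
    if [ "$(perm_bits "$spool/input")" != "rwx------" ]; then
        echo "input/ should be drwx------ (0700): $(perm_bits "$spool/input")"
        rc=1
    fi
    return $rc
}

# has_setuid_bit FILE / has_setgid_bit FILE: true if u+s / g+s is set
has_setuid_bit() { case "$(ls -ld "$1" | cut -c4)" in s|S) return 0 ;; *) return 1 ;; esac; }
has_setgid_bit() { case "$(ls -ld "$1" | cut -c7)" in s|S) return 0 ;; *) return 1 ;; esac; }

# check_setuid_root BINARY: the reply's advice is u+s on a root-owned
# /usr/sbin/exim, not a+s.  Returns 0 if the owner is root and u+s is set;
# warns about a stray g+s, which is what a+s leaves behind.
check_setuid_root() {
    owner=$(ls -ld "$1" | awk '{print $3}')
    [ "$owner" = root ] || { echo "$1 is owned by $owner, not root"; return 1; }
    has_setuid_bit "$1" || { echo "$1 lacks u+s"; return 1; }
    has_setgid_bit "$1" && echo "warning: $1 also has g+s (a+s?); u+s is enough"
    return 0
}

# make_fixture DIR STYLE: constructed test trees.  "broken" reproduces the
# poster's drwxrwxrwx tree with a g+w message file; "clean" matches the listing.
make_fixture() {
    dir=$1; style=$2
    mkdir -p "$dir/db" "$dir/input" "$dir/msglog" "$dir/log"
    : > "$dir/input/19QY5M-0000YO-QW-D"
    : > "$dir/input/19QY5M-0000YO-QW-H"
    if [ "$style" = broken ]; then
        chmod 777 "$dir" "$dir/db" "$dir/input" "$dir/msglog" "$dir/log"
        chmod 660 "$dir/input/19QY5M-0000YO-QW-D" "$dir/input/19QY5M-0000YO-QW-H"
    else
        chmod 750 "$dir" "$dir/db" "$dir/msglog" "$dir/log"
        chmod 700 "$dir/input"
        chmod 640 "$dir/input/19QY5M-0000YO-QW-D" "$dir/input/19QY5M-0000YO-QW-H"
    fi
}

# Demo: build both trees under a temporary directory and audit them.
tmp=$(mktemp -d)
make_fixture "$tmp/broken" broken
make_fixture "$tmp/clean" clean
echo "== broken tree =="; audit_spool "$tmp/broken" || echo "-> findings (expected)"
echo "== clean tree ==";  audit_spool "$tmp/clean"  && echo "-> OK"
rm -rf "$tmp"
```

On a real host, run `audit_spool /var/spool/exim` and `check_setuid_root /usr/sbin/exim` as an unprivileged user; anything the audit prints is a mode bit the listing above does not grant. The exim binary's owner and setuid bit are read from `ls -ld` only, so the check says nothing about whether the daemon is actually configured to run as that user.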