Re: [Exim] permissions problem

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Pavel Gulchouck
CC: exim-users
Subject: Re: [Exim] permissions problem
On Sun, 28 Sep 2003, Pavel Gulchouck wrote:

> The answer is: I'm using -D switch in the commandline, so exim
> drops root privelegies.
> But I start exim as root (real uid & euid), so I do not want that
> he drop root privelegies. Now it cannot restart by SIGHUP on config
> change (permission denied on bind()).
> What should I do for run exim with macros or alter config and with
> root privelegies?


This is a difficult security area. It is *much* better if you can avoid
using -C or -D.

If you start Exim as root with -C of -D it does not drop root
privileges. BUT, if Exim is re-executed, the -C or -D is passed on; in
this case it is likely that the privilege will get dropped. This happens
for local deliveries such as autoreply or re-running Exim via a pipe.
There isn't any way round this.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book