Re: [Exim] Encoding the name of EXIM_USER instead of its use…

Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [Exim] Encoding the name of EXIM_USER instead of its user-id in the exim-binary.
On Tue, Nov 04, 2003 at 10:04:14AM +0000, Philip Hazel wrote:
> On Tue, 4 Nov 2003, Andreas Metzler wrote:
>> If EXIM_USER is not numeric currently buildconfig.c uses getpwnam() to
>> look up its uid and hardcodes this value into the exim-binary. What is
>> the reason for this, is there a race-condition somewhere?


> Originally, you had to specify EXIM_USER numerically. It is only
> relatively recently in Exim's life that you could specify it as a name.


> I want to bind in the uid numerically because that feels more secure -
> that is a paranoia argument.


Is it more than a gut-feeling? Many daemons work without hardcoding the
uid. (e.g. postfix does not, qmail OTOH does.) I am not trying to
second-guess you, just asking, you know this stuff, I don't.

> However, there is also the argument that getpwnam() doesn't always
> work. If you are using NIS and NIS is down, there may be a problem,
> for example.

[...]

Just FYI, exim will fail if the exim-user is not present:
11220 LOG: MAIN PANIC DIE
11220 cannot run initgroups(): no passwd entry for uid=8
11220 search_tidyup called
11220 >>>>>>>>>>>>>>>> Exim pid=11220 terminating with rc=1 >>>>>>>>>>>>>>>>

I can see that it could hurt performance a lot if the exim-user
was kept in NIS (without running nscd), but usually system-users (up
to id 500 or 1000) aren't kept in NIS.
             thanks, cu andreas
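
The trade-off discussed in this message, as an added example (not part of the original post and not Exim's buildconfig.c): a numeric user value needs no passwd lookup, while a name depends on the passwd backend being reachable when the lookup happens. The function `resolve_user` and the `uid_status` codes are hypothetical names introduced for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical status codes for this sketch; they are not Exim's. */
enum uid_status { UID_OK, UID_BAD_NUMBER, UID_NO_SUCH_USER, UID_LOOKUP_FAILED };

/* Resolve a configured user (number or name) to a uid.
   A numeric value never touches the passwd database. A name depends on
   whatever backs getpwnam() (files, NIS, ...) at the moment of the call. */
enum uid_status resolve_user(const char *spec, uid_t *uid_out)
{
    if (spec[0] >= '0' && spec[0] <= '9') {
        char *end;
        unsigned long n = strtoul(spec, &end, 10);
        if (*end == '\0') {                       /* all digits: numeric uid */
            /* (uid_t)-1 is reserved; overflow saturates to ULONG_MAX */
            if (n >= (unsigned long)(uid_t)-1) return UID_BAD_NUMBER;
            *uid_out = (uid_t)n;
            return UID_OK;
        }
    }
    struct passwd pw, *res = NULL;
    char buf[4096];
    int rc = getpwnam_r(spec, &pw, buf, sizeof buf, &res);
    if (res != NULL) { *uid_out = pw.pw_uid; return UID_OK; }
    /* "Not found" and "could not ask" are different failures: only the
       second one is the NIS-is-down case raised in the thread. */
    if (rc == 0 || rc == ENOENT || rc == ESRCH) return UID_NO_SUCH_USER;
    return UID_LOOKUP_FAILED;
}

int main(int argc, char **argv)
{
    const char *spec = argc > 1 ? argv[1] : "8";  /* constructed sample value */
    uid_t uid = 0;
    enum uid_status st = resolve_user(spec, &uid);
    printf("%s -> status=%d uid=%lu\n", spec, (int)st, (unsigned long)uid);
    return st == UID_OK ? 0 : 1;
}
```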