Re: [Exim] Encoding the name of EXIM_USER instead of its use…

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M.M\Andreas Metzler at <-
M\MMPhilip Hazel at ->
Delete this message
Reply to this message
Author: Matthias Bernhardt
Date:  
To: exim-users
Old-Topics: Re: [Exim] Suggestion about EXIM_USER at built time
Subject: Re: [Exim] Encoding the name of EXIM_USER instead of its user-id in the exim-binary.
On Wed, 5 Nov 2003, Philip Hazel wrote:

> > I found that many people, mainly package builders, already
> > have complained about this behaviour, while many others
> > can't understand why this is a pain for package builders.
>
> See my response to Andreas Metzler's similar posting, just a
> few minutes ago.

If you really put this issue on the Exim Wish List, I would
appreciate if you consider my suggestion again on the day when
you are about to implement that into the overnext exim release
or so.


As to your worries in your other mail:

> Partly gut feeling, and partly that, because of the way Exim
> is designed, new instances of Exim start up frequently. By
> having the uid hard-coded in the binary, you save having to
> look it up every time.

According to the very accurate documentation, exim_user and
exim_group directives are already being looked up by getpwnam()
and getgrnam() if they are found not to be numeric (I assume
that is, if atoi() fails). This is the right place to mention,
that it may/will save runtime if numerical uid/gid are used
where possible.

uid/gid=quicker, user/group=more flexible

Since this functionality is already built in, extending this
behaviour to the Makefile EXIM_USER and EXIM_GROUP default value
would mean, that these would have to be compiled in as a string,
thus causing an additional atoi() at every invocation to be done
for numerical uid/gid. That's all, because any additional
lookups are done in the else clause only.

There may even be a way to avoid this, like: 

  int exim_uid    = EXIM_UID;
  char* exim_user = "EXIM_USER";
  if (exim_uid == -1) {
    exim_uid = strtol(exim_user, endptr, ...);
    if (endptr** != \0) {
      passwd = getpwnam(exim_user);
      exim_uid = passwd.pw_uid;
    }
  }


Sorry that this is very rough and simplified, I had my head in
Perl and Shell scripts for too long.


As to YP/NIS:

> However, how much this actually saves in practice, I don't
> know. Of course it depends on how the user information is kept
> - NIS, flat file, indexed file, etc...

In my opinion it should be clear that putting the exim user into
YP/NIS would rise performance and security issues. But then,
system users should have uid/gid below 100 and they don't belong
into YP/NIS anyway, so they are usually local. Anyway, it can't
hurt to mention this in the doc for exim_user/exim_group.


Hoping that some of my ideas will make it into your wishlist,

yours Matthias


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] permanent failure for spamRe: [Exim] OT: Problem sending mail to verizon.net->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)