[Exim] unable to set gid/uid in redirect router

Author: Jay Sekora
Date:  
To: exim-users
Subject: [Exim] unable to set gid/uid in redirect router
Hi. I'm getting the error "unable to set gid=54 or uid=6525 (euid=822)"
from exim when I attempt to set user and group explicitly on a delivery
with a redirect router. I found the message from Philip at

    http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030113/048413.html


which suggests that exim is not setuid root, but it is:

    ls -lL /priv/daemons/packages/exim-4.20/bin/exim
    -rwsr-xr-x   1 root     sys      1447141 Jul 16  2003 /priv/daemons/packages/exim-4.20/bin/exim*


and I've confirmed that that's both the pathname I'm starting exim
with and in the BIN_DIRECTORY that exim was compiled with.

Here's an actual error message from syslog:

    2004-02-26 15:19:47 unable to set gid=54 or uid=6525 (euid=822): file_aliases router (recipient is jaytest@[domain redacted])

It's interesting that the message says euid=822; that's our exim user.
But the exim binary is setuid root, and is started by root.

Local delivery via procmail is working fine with "user = $local_part",
and our procmail binary is NOT setuid. So this refusal to set gid
or uid seems to be specific to this router. Any ideas why it might
be happening, or how I can get more information about exactly what's
going on?

Here's the actual router:

    # This router handles alias files in /net/aliases. If there exists
    # a file /net/aliases/foo, then mail to foo@[domain] will get delivered
    # to the addresses in that file, as if it were a user's .forward file.
    #
    # The file_aliases router will decline if the file referenced in "file ="
    # does not exist.
    #
    # The condition option guarantees that we'll only use this router on local
    # parts consisting of only lowercase letters, digits, and hyphens.

    file_aliases:
      driver = redirect
      allow_fail
      allow_defer
      no_verify_sender
      require_files = /net/aliases/$local_part
      file = /net/aliases/$local_part
      condition = ${if match{$local_part}{^[a-z0-9-]*\$}{yes}{no}}
      user = ${extract{uid}{${stat:/net/aliases/$local_part}}{$value}{822}}
      group = ${extract{gid}{${stat:/net/aliases/$local_part}}{$value}{822}}
      modemask = 002
      file_transport = address_file
      pipe_transport = address_pipe

The concept is that we put files in /net/aliases and give ownership
of them to a user, which means that that user can then maintain their
own mini mailing list. (We also use Mailman for more elaborate lists.)
We want delivery to happen as the owner of the mailing list, since
they often want to deliver into files that they own.

Thanks very much,

Jay
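
Added example, not part of the original message and not Exim's code: a small C diagnostic for the situation the log line reports, a process attempting a gid-then-uid switch and printing the effective uid it held when the attempt failed. The function name try_switch is hypothetical; the target ids 54 and 6525 are the ones in the log line above, and a POSIX system without extra capabilities granted to the process is assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Attempt the group-then-user switch in a forked child so the caller keeps
 * its own identity. Returns 0 on success, the errno of the failing call
 * otherwise, or -1 if the child could not be run. */
int try_switch(gid_t gid, uid_t uid)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Group first: once the uid is no longer 0, an unprivileged
         * process may only set ids it already holds. */
        if (setgid(gid) != 0)
            _exit(errno);
        if (setuid(uid) != 0)
            _exit(errno);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    gid_t gid = 54;     /* target ids taken from the log line */
    uid_t uid = 6525;
    int rc = try_switch(gid, uid);

    printf("real uid=%ld effective uid=%ld\n", (long)getuid(), (long)geteuid());
    if (rc == 0)
        printf("switch to gid=%ld uid=%ld succeeded\n", (long)gid, (long)uid);
    else if (rc > 0)
        printf("unable to set gid=%ld or uid=%ld (euid=%ld): %s\n",
               (long)gid, (long)uid, (long)geteuid(), strerror(rc));
    else
        printf("could not run the child process\n");
    return rc == 0 ? 0 : 1;
}
```

Run from an account whose effective uid is not 0, the switch fails with EPERM; run with an effective uid of 0 it succeeds, which is the difference the euid value in the log line points at.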