Re: [Exim] unable to set gid/uid in redirect router

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Philip Hazel
Ημερομηνία:  
Προς: Jay Sekora
Υ/ο: exim-users
Αντικείμενο: Re: [Exim] unable to set gid/uid in redirect router
On Thu, 26 Feb 2004, Jay Sekora wrote:

> Here's an actual error message from syslog:
>
> 2004-02-26 15:19:47 unable to set gid=54 or uid=6525 (euid=822): file_aliases router (recipient is jaytest@[domain redacted])
>
> It's interesting that the message says euid=822; that's our exim user.
> But the exim binary is setuid root, and is started by root.


You are
  (a) doing recipient verification at incoming SMTP time,
  (b) your file_aliases router has a user= setting or check_local_user
      is set
  (c) your file_aliases router does not have no_verify set


> Here's the actual router:
>
> file_aliases:
> driver = redirect
> allow_fail
> allow_defer
> no_verify_sender
> require_files = /net/aliases/$local_part
> file = /net/aliases/$local_part
> condition = ${if match{$local_part}{^[a-z0-9-]*\$}{yes}{no}}
> user = ${extract{uid}{${stat:/net/aliases/$local_part}}{$value}{822}}
> group = ${extract{gid}{${stat:/net/aliases/$local_part}}{$value}{822}}
> modemask = 002
> file_transport = address_file
> pipe_transport = address_pipe


See! Just as I diagnosed (before reading the router).

You cannot use such a router for SMTP verification, because Exim is
running as "exim" at SMTP time and is therefore unable to change uid.

For most cases, such routers are not necessary for verification, and
just adding no_verify solves the problem.


--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book