On Thu, 26 Feb 2004, Jay Sekora wrote:
> Here's an actual error message from syslog:
>
> 2004-02-26 15:19:47 unable to set gid=54 or uid=6525 (euid=822): file_aliases router (recipient is jaytest@[domain redacted])
>
> It's interesting that the message says euid=822; that's our exim user.
> But the exim binary is setuid root, and is started by root.
You are
(a) doing recipient verification at incoming SMTP time,
(b) your file_aliases router has a user= setting or check_local_user
is set
(c) your file_aliases router does not have no_verify set
> Here's the actual router:
>
> file_aliases:
> driver = redirect
> allow_fail
> allow_defer
> no_verify_sender
> require_files = /net/aliases/$local_part
> file = /net/aliases/$local_part
> condition = ${if match{$local_part}{^[a-z0-9-]*\$}{yes}{no}}
> user = ${extract{uid}{${stat:/net/aliases/$local_part}}{$value}{822}}
> group = ${extract{gid}{${stat:/net/aliases/$local_part}}{$value}{822}}
> modemask = 002
> file_transport = address_file
> pipe_transport = address_pipe
See! Just as I diagnosed (before reading the router).
You cannot use such a router for SMTP verification, because Exim is
running as "exim" at SMTP time and is therefore unable to change uid.
For most cases, such routers are not necessary for verification, and
just adding no_verify solves the problem.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book