Re: [Exim-dev] Exim without root privileges

Top Page
Delete this message
Reply to this message
Author: Kevin P. Fleming
Date:  
To: exim-dev
Subject: Re: [Exim-dev] Exim without root privileges
Phil Pennock wrote:

> See section 48 of The Exim Specification; in particular, 48.3 about
> running Exim without privilege.


I have read that again today, it's been a little while. It still goes
back to my point though: with Exim today if you run it setuid "exim" and
start it as root, it won't respond to SIGHUP restarts, even if it the
configuration file tells it to use only unprivileged ports to listen on.
It assumes that it will need root privilege to restart itself, but it
won't. I'll have to do some more playing around to see exactly how it
will respond if started _as_ "exim", with no setuid/setgid in the mix at
all.

Certainly this implies that _all_ traffic into and out of Exim would
have to go over sockets, be they TCP or Unix, otherwise providing the
appropriate access to the "exim" user would get very complicated. In
this configuration command-line usage of Exim to send mail would not be
possible unless the process wanting to send the mail is already running
as the "exim" user, which would be unusual to say the least.