John Jetmore wrote:
>On Wed, 17 Mar 2004, Philip Hazel wrote:
>
>
>
>>On Wed, 17 Mar 2004, Toralf Lund wrote:
>>
>>
>>
>>>What has happened to the "nobody_user" parameter? I'm using this in our
>>>Exim 3 setup to get a sane user setup when an address is aliased
>>>directly to a pipe. In Exim 4, the parameter appears to be gone. Why?
>>>
>>>
>>cannot remember... the Exim 3 manual doesn't even jog my memory (it
>>talks about running processes as "nobody", but I can't remember when
>>Exim 3 wanted to do that). The Exim 4 update document talks about the
>>queryprogram router.
>>
>>
>
>putting aside the queryprogram reference, there's a reference to it in the
>exim3 book. It looks like nobody_user and nobody_group are the uid/gid
>exim tries to use if it would otherwise have used an entry in never_users:
>
><quote>
>Whenever Exim is about to run a local delivery process, it checks to see
>if the required uid is one of those listed in never_users. If it is, the
>delivery is run as nobody instead. The uid and gid for nobody can be
>specified by nobody_user and nobody_group; the default is to look up the
>login name nobody.
></quote>
>
> Exactly.
I think the never_users behaviour has changed, too, though, and that
Exim 4 will simply defer delivery if a listed uid is required. Perhaps
that's the real problem here. I think the "root" is somehow assumed for
the pipes in question are, and "root" is listed in never_users on my
setup. (And I don't want to execute the commands as root anyway.)
>Looking at Exim4.upgrade, I see this:
>
>. The nobody_user and nobody_group options have been abolished.
>
>No mention of a replacement though. Looking at the original question,
>maybe it's as simple as setting the user/group option on the address_pipe
>transport, or whatever router routes the mail to a pipe?
>
> No, I don't think it's that simple. In fact, I think I ended up using
nobody_user because I tried that wat, and it didn't work right. The
problem is that I do not want to set user for all pipe deliveries, just
the ones where the receiver address isn't associated with a real user.
Differently put, if I specify a user id in the address_pipe setup, pipes
in the .forward files of real users will also be executed under that id,
which is *not* what I want.
Maybe I can set a different user in the local_aliases director instead
(it now has user=root)? I think I had a good reason for not doing the
earlier, but I've forgotten what it was...