Re: [exim] -C Permission denied

Author: Philip Hazel
Date:  
To: Ephraim Silverberg
CC: Exim Mailing List
Subject: Re: [exim] -C Permission denied
On Tue, 30 Nov 2004, Ephraim Silverberg wrote:

> When I try to run as 'root' the following command:
>
> /usr/local/libexec/exim-4.43-exiscan-acl -C /cs/share/exim/configure-server.test -t < /tmp/SOMEFILE
>
> I get:
>
> -C Permission denied
>
> Running debugging, it seems that the original invocation works, but then
> what happens is that it fails when it tries an 'exec':


The -C option is useful for testing, but there are certain things it
cannot do, and this is one of them. If Exim needs to re-exec itself and
is at the time running under a uid that is not allowed to use -C, you
get the effect that you observed. From your example, it looks as if Exim
is running as "exim" at the time. By default, this should work. As it
does not, I deduce that you have set ALT_CONFIG_ROOT_ONLY in your
configuration for building Exim.

In the manual (where it documents -C) it says this:

Setting ALT_CONFIG_ROOT_ONLY locks out the possibility of testing a
configuration using -C right through message reception and delivery,
even if the caller is root. The reception works, but by that time, Exim
is running as the Exim user, so when it re-execs to regain privilege
for the delivery, the use of -C causes privilege to be lost. However,
root can test reception and delivery using two separate commands (one
to put a message on the queue, using -odq, and another to do the
delivery, using -M).

> Note that in the compilation config.h -- the extra checks are not set:
>
> cs# grep ALT_CONFIG config.h
> /* ALT_CONFIG_PREFIX not set */
> /* ALT_CONFIG_ROOT_ONLY not set */


Oh, so you've already found out about that. Are you sure that the Exim
you are running is the one that was compiled with that configuration?

> 11:15:01 49818 changed uid/gid: privilege not needed
> 11:15:01 49818 uid=42 gid=42 pid=49818


Presumably 42 is your exim uid?

Have you set exim_user in the runtime configuration by any chance?

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
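
Added example, not part of the original message or of Exim itself: the two-command test described in the manual excerpt above (queue with -odq, then deliver with -M), scripted so that only the messages queued by the test are delivered. The function names, the sample queue listing, and the 6-6-2 message ID pattern are assumptions of this example; the binary and configuration paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. EXIM and CONF default to the paths quoted
# in the message; the 6-6-2 message ID layout is an assumption (Exim 4.43 era).
EXIM=${EXIM:-/usr/local/libexec/exim-4.43-exiscan-acl}
CONF=${CONF:-/cs/share/exim/configure-server.test}

# Print the message IDs found in "exim -bp" output read from stdin.
# Header lines are "age size id <sender>"; recipient lines have fewer fields.
queue_ids() {
    awk 'NF >= 3 { print $3 }' |
        grep -Ex '[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}' || true
}

# Print the IDs in $2 (queue after) that are absent from $1 (queue before).
new_ids() {
    for id in $2; do
        case " $(echo $1) " in
            *" $id "*) ;;
            *) echo "$id" ;;
        esac
    done
}

# Run as root. $1 is the file holding the test message.
two_step_test() {
    before=$("$EXIM" -C "$CONF" -bp | queue_ids)
    # Step 1: reception only; -odq leaves the message on the queue.
    "$EXIM" -C "$CONF" -odq -t < "$1" || return 1
    after=$("$EXIM" -C "$CONF" -bp | queue_ids)
    # Step 2: deliver each newly queued message with -M, invoked directly by root.
    for id in $(new_ids "$before" "$after"); do
        "$EXIM" -C "$CONF" -v -M "$id"
    done
}

# Constructed sample of "exim -bp" output for checking queue_ids offline.
sample_bp_output() {
    cat <<'EOF'
 3m   512 1CZ0Ab-0000c8-00 <root@test.example>
          user1@test.example

 0m   498 1CZ0Ac-0000cA-00 <root@test.example>
        D user2@test.example
          user3@test.example
EOF
}

if [ "$#" -gt 0 ]; then two_step_test "$1"; fi
```

Comparing the queue before and after reception keeps the -M step from forcing delivery of unrelated messages already sitting in that configuration's spool.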