Re: [exim] Uid used to access TLS-certificates

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M-\Timo Neuvonen at <-
M\MTony Finch at ->
Delete this message
Reply to this message
Author: Jan Suchanek
Date:  
To: Timo Neuvonen
CC: exim-users
Subject: Re: [exim] Uid used to access TLS-certificates
Hi,

Timo Neuvonen wrote:

> I have exim 4.44, compiled with TLS-support, and using certificates issued
> by CA (not sef-signed).
>
> Now user 'exim' seems to be used to read the certificate files.
> Is there any way to make exim to read the certificates as root? Exim
> executable is setuid to root, so it should be possible, I think.
>
> This would allow me to have sertificate (and especially the key) files
> readable by no one but root. Kind of security problem if they are readable
> by too many users, I think.

Why not make the file readable for user "exim" only? This way no other
users can read the files either...

Greetings, Jan





This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Help with SMTP AuthRe: [exim] Using exim over a GPRS connection->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)