Re: [exim-dev] Pipe transport run by user?

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Bryan Henderson
CC: exim-dev
Subject: Re: [exim-dev] Pipe transport run by user?
On Mon, 12 Sep 2005, Bryan Henderson wrote:

> I think it's probably just terminology. I consider the daemon to include
> the process that listens for incoming connections and all its descendants.


In the case of Exim, some of the descendants re-exec Exim to regain root
privilege.

> That's what I'm asking about. From what you say, I think the answer
> is that Exim does indeed do local deliveries via setuid privilege
> instead of daemon privilege.


Yes. In a normal configuration (there are circumstances where you can
run Exim without setuid root privilege at all), Exim will re-exec the
binary after receiving a message, in order to run a root-privilege
process to carry out the delivery. It needs to be root so that it can
create sub-processes that run under various uids for the various
deliveries that a message may require. It also may need to be root in
order to access data files that are private.

> And apparently for administrator queue runs too, which I had not
> considered.


Yes, for the same reason.

> I don't need local deliveries to go via this special route; the system
> would be simpler and safer if all mail went through SMTP anyway. The
> less setuid there is in the system, the better. Now I have to figure
> out how to do make that happen.


There are sites that do no local deliveries that are able to run Exim
setuid "exim" rather than setuid "root". Section 51.3 of the manual
("Running Exim without privilege") discusses some of the issues, and
indeed the whole of chapter 51 is of relevance.

> In general, my experience agrees with your instincts. It's a case of
> flexibility allowing mistakes. The alternative most people use is to
> hardcode into programs parameters such as file paths. I don't use
> hardcoded file paths on my systems except in a few cases of files with
> /etc names.


Exim hard-codes its configuration file, and then takes everything else
from there.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book