Re: [exim] exim called in perl scripts

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Alan J. Flavell
Datum:  
To: Exim users list
Betreff: Re: [exim] exim called in perl scripts
On Mon, 2 Jan 2006, p cooper wrote:

> I want to run this perl script ( FWIW scans logfiles just before
> they are rotated ) from a bash script called from logrotate ,
> running as root .


I think my best advice to you would be "stop wanting that".

Casually running random service scripts as root is far too fraught
with imponderable security issues. Choose almost *any* alternative
solution.

> If I persist in using exim do I have to su to a user, run the perl
> and then su back again , or is it technically possible to pipe the
> stuff to exim from the script run as root ?


In the words of the native, "if I wanted to go there, I wouldn't start
from here".

> Extensive googling seemed to say its security feature to stop exim
> being run as root .I s this true ?


As far as I know, "yes". But that's not the only reason I can think
of for discouraging you from running service scripts as root.

Surely you can make the logfiles readable by some service-specific
GID, and run your service script using a non-root UID and the relevant
GID ? That's what I'd be looking for in this situation, I think.