Author: Alan J. Flavell Date: To: Exim users list Subject: Re: [exim] exim called in perl scripts
On Mon, 2 Jan 2006, p cooper wrote:
> I want to run this perl script ( FWIW scans logfiles just before
> they are rotated ) from a bash script called from logrotate ,
> running as root .
I think my best advice to you would be "stop wanting that".
Casually running random service scripts as root is far too fraught
with imponderable security issues. Choose almost *any* alternative
solution.
> If I persist in using exim do I have to su to a user, run the perl
> and then su back again , or is it technically possible to pipe the
> stuff to exim from the script run as root ?
In the words of the native, "if I wanted to go there, I wouldn't start
from here".
> Extensive googling seemed to say its security feature to stop exim
> being run as root .I s this true ?
As far as I know, "yes". But that's not the only reason I can think
of for discouraging you from running service scripts as root.
Surely you can make the logfiles readable by some service-specific
GID, and run your service script using a non-root UID and the relevant
GID ? That's what I'd be looking for in this situation, I think.