Autor: W B Hacker Data: A: exim-users Assumpte: Re: [exim] Running exim as a user with no username
Mike Cardwell wrote:
> * on the Sat, Jan 28, 2006 at 03:12:17PM -0500, Chris Knadle wrote:
>
>
>>On Saturday 28 January 2006 11:13, Mike Cardwell wrote:
>
>
>>>That would probably work yes. Sounds like more of a nasty hack than I
>>>was wanting to go with though.
>>
>> Another way of doing this would be to run OpenLDAP locally on the mail
>>server and replicate the necessary entries from AD. This way the only thing
>>that needs altering would be where the lookups would occur, and the only time
>>the link to AD has to be there is for the periodic sync of the two
>>directories.
>
>
> I did find a solution to this problem in the end by the way. There is a feature
> in exim designed exactly for issue I was trying to resolve. I ended up adding
> this to my config:
>
> unknown_login = ${run{/path/to/exe $caller_uid}}
>
> Where exe is a setuid script that takes a uid, and returns a username. Now,
> sending mail causes lookups against the AD, but the AD doesn't get hammered
> due to web requests on the same box. Problem solved.
>
> Running exim in an environment where it can't lookup it's own username can't
> be all that bad if there's an option for it...
>
> Best wishes,
> Mike
>
Mike,
I understand the solution, but I was puzzled by your OP as to
why you wanted to do this at all (w/r Exim's EUID) - and am
still puzzled.
Just as background, in my own installations Exim, SA, ClamAV,
Dovecot IMAP/POP, and the Webmail daemon each run at all times
as their own UID.
The end user's ID is not only not used - they don't even *have*
one. Even 'postmaster' has to have an entry in the SQL DB.
Which is perhaps as diametrically opposite to your approach as
it gets - where you run the daemon with no default UID, I handle
the users with no UID.
Neither criticizing nor advocating either method, as mine is as
non-standard as yours is.