Author: Mike Cardwell
Date:
To: exim-users
Subject: Re: [exim] Running exim as a user with no username

* on the Tue, Feb 21, 2006 at 04:27:04AM +0800, W B Hacker wrote:
> I understand the solution, but I was puzzled by your OP as to
> why you wanted to do this at all (w/r Exim's EUID) - and am
> still puzzled.
>
> Just as background, in my own installations Exim, SA, ClamAV,
> Dovecot IMAP/POP, and the Webmail daemon each run at all times
> as their own UID.
>
> The end user's ID is not only not used - they don't even *have*
> one. Even 'postmaster' has to have an entry in the SQL DB.
>
> Which is perhaps as diametrically opposite to your approach as
> it gets - where you run the daemon with no default UID, I handle
> the users with no UID.
>
> Neither criticizing nor advocating either method, as mine is as
> non-standard as yours is.
>
> But hope you can see why I am (still) curious...
>
> Care to enlighten?

The environment this is running in sounds very different to yours.
The machines are actually web servers, not mail servers. Exim
isn't even running as a daemon. The only reason exim is on there
is so people can send emails from forms. UIDs on the system are
mapped to usernames via an LDAP connection to the Active
Directory. When someone runs their (hopefully safe) copy of
formmail.cgi etc., they run under a suexec style system so the
process runs as their own user. At the normal user level they
don't have access to query the AD. Is this starting to look more
clear?