Re: [exim] does exim run as root or not?

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Jürgen Herz
CC: exim-users
New-Topics: [exim] mail.app and authentication
Subject: Re: [exim] does exim run as root or not?
On Wed, 22 Feb 2006, Jürgen Herz wrote:

> also after reading through chapter 51, I'm not sure what's up here.


The answer to your question is "sometimes". The point is that Exim
doesn't run as a single process. It uses many processes, and some of
them re-exec the binary in order to regain root privilege. Exim's
process structure is described in chapter 11 of the Exim 4 book.

> On my system (Debian Sarge) the exim (4.60) binary is as following:
> -rwsr-xr-x 1 root root 811224 2006-01-22 11:53 /usr/sbin/exim4


That looks standard.

> It's started on system startup and its parent is user 1. ps says it runs
> as user Debian-exim and group Debian-exim (euid, egid, ruid and rgid are
> 102 too).


What is running isn't "Exim", it is "an Exim daemon process", which
indeed should not be running as root once it has started up.

> And regardless of this, it can write in directories with
> drwx------ normaluser users
> and call e.g. maildrop with uid=1000 (normaluser) and gid=100 (users).
>
> How does this work if it's not root?


When it wants to deliver a message, it starts a new delivery process,
and re-execs the binary in order to regain root privilege. The delivery
process does one job, then terminates.

-- 
Philip Hazel            University of Cambridge Computing Service
Get the Exim 4 book:    http://www.uit.co.uk/exim-book