On Saturday 17 June 2006 21:45, Robert Millan took the opportunity to write:
> On Sat, Jun 17, 2006 at 08:32:42PM +0200, Magnus Holmgren wrote:
> > ~/.forward is normally not evaluated before the actual delivery; in the
> > default configuration no_verify is set on the userforward router because
> > Exim runs as its own user when processing the ACLs and therefore can't
> > count on having access to individual users' files. You can change that of
> > course.
>
> It seems it needs a bit more than access to the files:
>
> 2006-06-17 21:33:04 unable to set gid=1001 or uid=1001 (euid=102):
> userforward router (recipient is xxx@yyy)
>
> The ~/.forward files are world-readable, so why does it attempt
> setgid/setuid? Can we still avoid running exim as root?
Yeees, I forgot that. Exim always tries to setuid/setgid to the user and group
given by those options or check_local_user, for security reasons I think. You
could add a verify_only router, but then you can't use $home.
--
Magnus Holmgren holmgren@???
(No Cc of list mail needed, thanks)
