Re: [exim] 551 User not local; please try <forward-path>

Top Page
Delete this message
Reply to this message
Author: Robert Millan
Date:  
To: exim-users
Subject: Re: [exim] 551 User not local; please try <forward-path>
On Sat, Jun 17, 2006 at 09:59:32PM +0200, Magnus Holmgren wrote:
> > It seems it needs a bit more than access to the files:
> >
> > 2006-06-17 21:33:04 unable to set gid=1001 or uid=1001 (euid=102):
> > userforward router (recipient is xxx@yyy)
> >
> > The ~/.forward files are world-readable, so why does it attempt
> > setgid/setuid? Can we still avoid running exim as root?
>
> Yeees, I forgot that. Exim always tries to setuid/setgid to the user and group
> given by those options or check_local_user, for security reasons I think. You
> could add a verify_only router, but then you can't use $home.


I don't understand. How can failure to drop privileges be a critical error?
When it runs as root, this never happens. When it runs as user, it isn't
necessary (although access could be denied if user is not the same).

Perhaps this error message is just hiding the real problem, which is something
else?

--
Robert Millan