Author: W B Hacker Date: To: exim-users Subject: Re: [exim] simple smtp auth via /etc/passwd..
Tony Finch wrote: > On Mon, 24 Jul 2006, Wayne Tucker wrote:
>
>>The problem is that Exim can't read the master.passwd file.
It neither needs to do so, nor ordinarily attempts to do so on a FreeBSD install.
/etc/master.passwd is owned by root:wheel, but is rw to root only.
Exim works fine even if this file is removed or relocated elsewhere.
What Exim reads is /etc/pwd.db, which already has root, wheel, *and world*
readability.
ls -lf /etc/pwd.db
-rw-r--r-- 1 root wheel 40960 May 27 07:12 /etc/pwd.db
>> The
>>quick-and-dirty (but not completely filthy) fix is to add the exim user
>>to the group that owns the master.passwd file (and restart exim). Off
>>the top of my head, I don't remember what that group would be on BSD.
>>Hopefully it's not wheel...
Sorry- that *is* both 'filthy' and unnecessary.
Correct the problem at the source. >
>
> You also have to change the permissions on /etc/master.password to permit
> group read access. You should probably change the group from wheel to a
> new group for this purpose.
>
> Tony.
One should not casually recommend needlessly breaking a proven security model to
fix something that isn't broken where the OP thinks it is.
Fix Exim so it asks for what is already available instead of downgrading the
security model.
ELSE use a stand-alone flat file that has nothing to do with /etc/master.passwd.
No need to compromise the entire box just to do an improper Exim install.
