Author: W B Hacker Date: To: exim users Subject: Re: [exim] Couldn't chown message log
Stephen Gran wrote:
>>let's both take a step back.
>
Agreed.
Standard installs from ports or packages in FreeBSD, pkgsrc in OpenBSD, NetBSD
DO install the Exim binary 'setuid'.
Compilation from source 'should' as well.
I have at least one that did NOT, so can see where the OP got into that situation.
However - 'normal' installs are also likely to show ownership and group using
'mailnull:mail' or 'exim:mail' and perhaps 'root:wheel' for binary & /var/log....
So the fact that his binary is NOT ALREADY setuid AND his file ownerships don't
match EITHER the config he has installed from Jason OR what we are accustomed
to seeing should have twigged any or all of us that setuid *alone* was not
necessarily going to get him up and running.
> The OP is clearly new to exim. The normal install is setuid root
> to enable delivering as different users to /var/mail/$local_part.
> When you suggested to a new user that exim doesn't need to be suid root,
Not what I suggested at all. Suggested it was needed 'on Linux' and he *IS* on
Linux == Ergo he needs it.
If he tries what I suggested first, he will almost certainly run into a
different problem.
Ex:
2009-05-13 14:30:51 [84072] exim 4.69 daemon started: pid=84072, -q55s,
listening for SMTP on port 25 (IPv6 and IPv4) and for SMTPS on port 587 (IPv6
and IPv4)
2009-05-13 14:30:51 [84073] re-exec of exim (/usr/local/sbin/exim) with -q
failed: Permission denied
If he does NOT see that, he is not calling a timed queue-runner on
initialization (-q2m or such). Something which is generally a 'good idea'.
Fix setuid first, and one will not necessarily know either way.
That sort of feedback - as above or with OTHER errors - will better determine
what steps remain to be put in place.
From the look of his environment, 'setuid' is just one of those.
> I wanted to make the point that in most normal use cases, it really does,
> regardless of which kernel you run. I apologize if I got your back up -
> all I was trying to do was keep a new user from following a more difficult
> path to usefulness than they need to.
>
No apology required. You didn't get *my* back up.
FWIW it isn't ordinarily a 'don't care' on a typical BSD, either.
Just not always handled the same way. As with the absence of 'sudo' or inetd.
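
The two checks this message turns on, as an added example that is not part of the original post: whether the Exim binary is setuid root, and whether the main log shows the queue-runner re-exec failure quoted above. The function names and the sample log line are constructed for illustration; the default binary path is the one that appears in the quoted log.

```shell
#!/bin/sh
# Added example (not from the thread): triage setuid state and re-exec failures.

# Classify a binary: missing | not-setuid | setuid-nonroot | setuid-root
setuid_status() {
    bin=$1
    [ -f "$bin" ] || { echo missing; return 0; }
    [ -u "$bin" ] || { echo not-setuid; return 0; }
    # Numeric owner is the 3rd field of `ls -ln`; works on Linux and the BSDs.
    owner=$(ls -ln "$bin" | awk '{print $3}')
    if [ "$owner" = "0" ]; then echo setuid-root; else echo setuid-nonroot; fi
}

# Count queue-runner re-exec failures in a main log read from stdin.
# In the real log each entry is a single line (the mail wrapped it).
count_reexec_failures() {
    grep -c 're-exec of exim (.*) with -q.* failed: Permission denied' || true
}

# One-line summary: binary state plus number of failed re-execs in the log.
triage() {  # $1 = path to exim binary; main log on stdin
    status=$(setuid_status "$1")
    fails=$(count_reexec_failures)
    echo "binary=$status reexec_failures=$fails"
}

# Constructed sample log, modelled on the two entries quoted in the message.
sample_log() {
    cat <<'EOF'
2009-05-13 14:30:51 [84072] exim 4.69 daemon started: pid=84072, -q55s, listening for SMTP on port 25
2009-05-13 14:30:51 [84073] re-exec of exim (/usr/local/sbin/exim) with -q failed: Permission denied
EOF
}

# Stand-alone run: check the given binary (or the path from the quoted log)
# against the constructed sample log.
sample_log | triage "${1:-/usr/local/sbin/exim}"
```

To check a real installation, feed the actual main log on stdin, for example `triage /usr/local/sbin/exim < mainlog`, with the log path taken from your own configuration.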