Author: tux2002
Date:
To: exim-dev
Subject: [exim-dev] Running exim from nonprivileged user and exim spool directory
Good day!

First, sorry for my English.

I use exim-4.69. I run exim as user exim with primary group exim. Currently my exim binary file has exim:exim ownership and setuid and setgid. I mean that setuid is an excess privilege. How about adding functionality where exim works with files in its spool with umask 007, for example, and never chowns files in its spool? I mean allowing the exim binary file to be only setgid.

For example:

1. A user sends email via mailx and via the sgid exim binary, so the spool file has 660 mode and user:exim ownership. exim can manage this file.
2. Exim receives email via smtp, so the spool file has 660 mode and exim:exim ownership. exim can manage this file.
3. For example: Exim is a member of the clamav group and puts files into the scan directory with mode 640 and exim:clamav ownership.
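
The permission model proposed in the message above, as an added example that is not part of the original post and is not Exim code: it creates files under umask 007 to confirm the resulting modes, then works out which POSIX permission class each process falls into. The user names alice and bob, the group "users" and the helper names are assumptions for illustration; root and ACLs are ignored.

```python
import os
import stat
import tempfile

def create_mode(requested, umask):
    """Create a real file with `requested` mode under `umask`; return its permission bits."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "msg")
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY | os.O_EXCL, requested))
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)

def access(mode, owner, group, euid, gids):
    """POSIX class selection: owner bits if euid matches, else group bits, else other bits."""
    if euid == owner:
        bits = (mode >> 6) & 7
    elif group in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return "".join(c for c, b in zip("rwx", (4, 2, 1)) if bits & b)

# Constructed files: ownership as in the message, modes taken from real creation.
SPOOL = dict(mode=create_mode(0o666, 0o007), owner="alice", group="exim")
SCAN = dict(mode=create_mode(0o640, 0o007), owner="exim", group="clamav")

def scenarios():
    """Access each (constructed) process gets; gids includes the effective gid."""
    return {
        "exim daemon on alice's spool file": access(**SPOOL, euid="exim", gids={"exim"}),
        "bob running the setgid-exim binary": access(**SPOOL, euid="bob", gids={"users", "exim"}),
        "bob without the binary": access(**SPOOL, euid="bob", gids={"users"}),
        "clamav daemon on scan file": access(**SCAN, euid="clamav", gids={"clamav"}),
        "exim daemon on scan file": access(**SCAN, euid="exim", gids={"exim", "clamav"}),
    }

if __name__ == "__main__":
    print(f"spool mode {SPOOL['mode']:o}, scan mode {SCAN['mode']:o}")
    for who, perms in scenarios().items():
        print(f"{who:38} {perms or '-'}")
```

The second row shows that any process running the setgid binary holds group access to every user's spool file, so separation between local users would rest on the binary's own checks rather than on file ownership.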