On 31 Jul 2010, at 12:54, Yves Goergen wrote:
> I have installed the exim4 server on Ubuntu 10.4 and copied (and
> updated) my configuration from an older Debian server with a
> self-compiled exim server.
The debian exim config is rather specialised, and has its own support
list. Info on this should be at
http://pkg-exim4.alioth.debian.org/
> Mail is stored to virtual user maildirs in
> /var/mail/virtual/<domain>/<localpart>. All in /var/mail belongs to the
> user "mail". IMAP and POP servers are configured to use the user "mail"
> so they have access to those directories.
>
> Sending myself a message fails (it won't be delivered) and the exim
> mainlog says it doesn't have access to that maildir. The exim process is
> running as user "118" (which is "Debian-exim" when I look it up myself,
> ps can't display the name for some unknown reason). Is there a way to
> change that username so that it uses "mail" again?
The user id that is used for mail delivery has very little relationship
to the user id that exim runs under.
> If that's not possible, do I need to change everything, ownership of
> /var/mail, runtime users for Dovecot and my helper scripts, from "mail"
> to "Debian-exim"?
Probably not.
Presuming exim is installed setuid (and running it otherwise is unusual and
somewhat little tested), then final delivery would be done using the user id
that is specified by the transport and/or router for the address.
Since we have little idea of your build config or run time config basically
there is nothng useful that can be said.
> What's so special about that username that ps won't show it but only its
> number instead? Is it maybe a not very well supported name, because of
> the "-" or something?
Its too long for ps to display neatly.
> Anyway, there's generic system users for anything, why does this one
> need to name the (based-upon) Linux distribution AND the product name?
> For a use that is shared among different products, like SMTP, IMAP etc.
> I really think that "mail" would have been a better choice. Or maybe
> there's an unknown reason behind that, too?
Why should so many subsystems share their security surface by all
running as the same uid?
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
