Re: [exim] Change user from "debian-exim" to "mail"?

Top Pagina
Delete this message
Reply to this message
Auteur: Yves Goergen
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] Change user from "debian-exim" to "mail"?
On 31.07.2010 15:39 CE(S)T, Sven Hartge wrote:
> You may want to read the FAQ: http://wiki.debian.org/PkgExim4UserFAQ
>
> Everything is explained in there.


Okay, I've read it through, but it couldn't answer all of my questions.

I still have the Debian/Ubuntu package exim4-daemon-heavy and I'm using
my own configuration file. I do that because I put it together back in
2004 and maintained it since then, it uses MySQL lookups, virtual users,
SA integration, TLS, and it works very well. I don't see need to do it
all again only to comply with Debian's split configuration scheme. I
began reading their config documentation and found that it wouldn't
easily do what I need.

Mail is delivered in /var/mail/virtual/<domain>/<localpart> and
everything in /var/mail is chowned mail:mail (which is what the system
came like) and not accessible for other users or groups. This directory
is accessed by Exim and Dovecot (replacing Courier-IMAP). The
/var/mail/virtual location must have come from an Exim tutorial of that
time.

In my old Exim makefile, I have the line "EXIM_USER=mail". I'm not aware
of anything else I needed to do to grant the Exim process access to the
maildir location.

What can I do to save my setup and have Exim access /var/mail? I could
use filesystem ACLs but that would be required for every single
directory and file there which doesn't seem feasible. I could chown
/var/mail to Debian-exim and update all other applications' config to
follow Exim, the great leader. I'm not sure what consequences that would
have. And I could throw the whole package away and build it all from
source again which I set out to never do again this time. Any
suggestion, please?

Other applications (at least Dovecot and Courier-IMAP) let me change the
user which is used to access the maildir location. I have tried setting
"exim_user = mail" and "exim_group = mail" but the server wouldn't start
anymore with no notice at all in its logs.

I also read the rationale of "Debian-exim" but I still can't see what
should keep us from using the user "mail". It's always there, short,
doesn't need to be removed again and causes very little access problems
with other mail-accessing applications. But the right people to decide
are probably not here anyway. (And the decision is made and cannot be
changed again now. Now we need to figure out how to live with it.)

--
Yves Goergen "LonelyPixel" <nospam.list@???>
Visit my web laboratory at http://beta.unclassified.de