Re: [exim-dev] What user should ${run...} in config file run…

Top Page
This message is part of the following thread:
M---+-\the complete thread tree sorted by date
M-+\M\M\David Woodhouse at <-
M\MMMMMMPatrick Cernko at ->
Delete this message
Reply to this message
Author: Ted Cooper
Date:  
To: exim-dev
Subject: Re: [exim-dev] What user should ${run...} in config file run as?
On 13/12/10 10:34, David Woodhouse wrote:
> Why the hell did this work anyway?
>
> cat > e.conf<<'EEE'
> spool_directory = ${run{/bin/chown root:root /var/spool/exim4/setuid}} ${run{/bin/chmod 4755 /var/spool/exim4/setuid}}
> EEE
> exim -Ce.conf -q
>
> Why are we invoking ${run...} directives in the config file as root? Why
> aren't we doing it as the Exim user?

That's a pretty good point. I can't think of a good reason why it
shouldn't be run as exim user - even if someone needs a program run as
root, it's trivial to write a setuid wrapper for it or use something
like ${readsocket}

Of course it forces all programs being run to have all of their files
owned by exim too (unless wrapped) or some group which makes them more
tightly coupled. It does reduce the chances of being able to run
something as root inadvertently though.

Is Exim being made less flexible and more difficult to use? Will this
break some major users setup enough for them to switch away?

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] What user should ${run...} in config file run as?Re: [exim-dev] What user should ${run...} in config file run as?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)