Autore: Graeme Fowler Data: To: exim-dev Oggetto: Re: [exim-dev] What user should ${run...} in config file run as?
On Mon, 2010-12-13 at 00:34 +0000, David Woodhouse wrote: > Why the hell did this work anyway?
I was pondering this through the haze of a horrible flu bug last week
but thought it rather a dumb question to ask at the time. But now I'm
not sure it's such a dumb question after all...
On Mon, 2010-12-13 at 01:23 -0500, Phil Pennock wrote: > It depends on the option. spool_directory is used as the default
> directory for holding the Exim pid, so its value is needed for the
> pid-file writing which happens before dropping root privs.
OK, so here's the bit I don't understand...
When exim is invoked as a daemon, it does some things as root and then
drops privileges down to the defined Exim user. The question is - if run
as a daemon, *how* does it "hang on" to some root privileges in the
first place?
I've just looked in expand.c (where the ${run construct is expanded and
handled) and that doesn't contain anything which would cause Exim to go
up the auth stack, as it were. When Exim is expanding a ${run condition,
all the vars Phil mentions above are already defined in the initial
daemon run so there's no need to generate them again (so I believe),
which means there's no need for root privs at that point. Is there?
I'm probably missing something terribly obvious here, but there again I
might not be - so someone who understands this more fully should
probably explain it to me.