Author: David Woodhouse
Date:
To: Graeme Fowler
CC: exim-dev
Subject: Re: [exim-dev] What user should ${run...} in config file run as?

On Mon, 2010-12-13 at 09:22 +0000, Graeme Fowler wrote:
> OK, so here's the bit I don't understand...
>
> When exim is invoked as a daemon, it does some things as root and then
> drops privileges down to the defined Exim user. The question is - if run
> as a daemon, *how* does it "hang on" to some root privileges in the
> first place?

It will drop privs when run as a dæmon, and it *cannot* get them back.

> I've just looked in expand.c (where the ${run construct is expanded and
> handled) and that doesn't contain anything which would cause Exim to go
> up the auth stack, as it were.

It doesn't work like that. You cannot *gain* root privs; you can only
give them away if your process was started with them.

So what it does is fork and exec a *new* Exim process to do the
delivery. That version of Exim doesn't drop privs.
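
The one-way privilege drop described in this message, as an added example that is not part of the original post and is not taken from Exim's source: a process gives root away and then checks that it cannot take it back. `UNPRIV_UID` and `UNPRIV_GID` are assumed placeholder ids, and the function names are hypothetical.

```c
#define _DEFAULT_SOURCE          /* setgroups(), seteuid() */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed placeholder ids ("nobody" on many systems), not Exim's configured user. */
#define UNPRIV_UID 65534
#define UNPRIV_GID 65534

enum drop_result { NOT_ROOT, DROP_FAILED, DROP_PERMANENT, PRIVS_REGAINED };

/* Give root away, then try the ordinary ways of taking it back. */
static enum drop_result drop_and_probe(void)
{
    if (geteuid() != 0)
        return NOT_ROOT;             /* never had root: nothing to give away */
    /* Groups first: once the uid is gone we may no longer change them. */
    if (setgroups(0, NULL) != 0 || setgid(UNPRIV_GID) != 0 ||
        setuid(UNPRIV_UID) != 0)
        return DROP_FAILED;
    /* setuid() called by root replaces the real, effective and saved uid. */
    if (setuid(0) == 0 || seteuid(0) == 0 || getuid() == 0 || geteuid() == 0)
        return PRIVS_REGAINED;
    return DROP_PERMANENT;
}

/* Run the probe in a forked child so the caller's own ids are untouched. */
enum drop_result check_drop_is_permanent(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return DROP_FAILED;
    if (pid == 0) _exit(drop_and_probe());
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return DROP_FAILED;
    return (enum drop_result)WEXITSTATUS(status);
}

int main(void)
{
    static const char *const names[] = {
        "not root, nothing to drop", "drop failed",
        "dropped, cannot get root back", "root regained (unexpected)" };
    puts(names[check_drop_is_permanent()]);
    return 0;
}
```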