On Mon, 13 Dec 2010, David Woodhouse wrote:
> On Mon, 2010-12-13 at 10:41 +0000, Graeme Fowler wrote:
>> Now... again, poor little dumb brain time again: Why do we need Exim to
>> be setuid root? Presumably this is so it can change user when invoked to
>> do local deliveries as the right user (amongst myriad other things).
>
> Yeah. There are plenty of other MTAs with a split process setup where
> only the *delivery* agent actually has root privileges. The *transport*
> program doesn't need them.

If I remove the suid bit from the exim binary on one of my client
machines then run "mail" or pine as an ordinary user I get
    Failed to create spool file /var/spool/exim/input//1PS9Ig-0002Kz-Gi-D: Permission denied
errors.

(#ls -l /var/spool/exim/input/
total 16
drwxr-x--- 2 exim exim 4096 Dec 13 14:04 ./
drwxr-xr-x 5 exim exim 4096 Jul 30 13:50 ../
Do I have the wrong permissions on the spool directories?)

Anyway, that suggests to me that whilst it might in principle
be possible to avoid root privilege for transport,
as exim is currently implemented we can't avoid giving some
write permissions to the *exim* spool directory (the mail queue)
as well as any write permissions needed for deliveries.

--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
A.C.Aitchison@??? http://www.dpmms.cam.ac.uk/~werdna
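
Why the run without the suid bit is refused, as an added example that is not part of the original message: it applies the standard POSIX owner/group/other check to the `ls -l` line for the spool input directory quoted above. The user name `alice` is hypothetical, and the root bypass assumes an ordinary Linux system with no MAC policy or read-only mount in the way.

```python
import re

# Copied from the `ls -l /var/spool/exim/input/` output quoted in the message.
SPOOL_INPUT = "drwxr-x--- 2 exim exim 4096 Dec 13 14:04 ./"


def parse_ls(line):
    """Split one `ls -l` entry into (mode string, owner, group)."""
    m = re.match(r"^([dl-][rwxsStT-]{9})\s+\d+\s+(\S+)\s+(\S+)\s", line)
    if not m:
        raise ValueError("not an ls -l entry: %r" % line)
    return m.group(1), m.group(2), m.group(3)


def can_create_in(line, euser, groups=()):
    """True if a process with this effective user and group set may create
    a file in the directory. Creating a file needs both write and search
    (w and x) in the single permission class that applies to the caller."""
    mode, owner, group = parse_ls(line)
    if not mode.startswith("d"):
        raise ValueError("entry is not a directory")
    if euser == "root":
        return True  # assumption: root holds CAP_DAC_OVERRIDE
    if euser == owner:
        bits = mode[1:4]   # owner class
    elif group in groups:
        bits = mode[4:7]   # group class
    else:
        bits = mode[7:10]  # other class
    # 's'/'t' in the last slot mean "special bit set and execute set".
    return bits[1] == "w" and bits[2] in "xst"


if __name__ == "__main__":
    cases = [
        ("alice", ("alice",)),         # hypothetical ordinary user, binary not setuid
        ("alice", ("alice", "exim")),  # same user added to the exim group
        ("exim", ("exim",)),           # effective user is the spool owner
        ("root", ("root",)),           # effective user with the suid-root bit on
    ]
    for euser, groups in cases:
        verdict = "allowed" if can_create_in(SPOOL_INPUT, euser, groups) else "Permission denied"
        print("%-6s groups=%-18s %s" % (euser, ",".join(groups), verdict))
```

With mode `drwxr-x---`, group membership alone does not help either, because the group class has no write bit.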