Frank Elsner <Frank.Elsner@???> (Wed Feb 9 13:15:20 2011):
> On Wed, 9 Feb 2011 07:00:34 -0500 Phil Pennock wrote:
>
> [ ... ]
>
> > You didn't read README.UPDATING or the announcement for 4.73?
>
> Yes, maybe I misunderstand it :-(
>
> [ ... ]
>
> > See README.UPDATING for more.
>
> | * The Exim run-time user can no longer be root; this was always
> | strongly discouraged, but is now prohibited both at build and
> | run-time. If you need Exim to run routinely as root, you'll need to
> | patch the source and accept the risk. Here be dragons.
>
> I have EXIM_USER=ref:exim in Local/Makefile.
> User "exim" is uid 103 in /etc/passwd.
>
> But the binary is
>
> -rwsr-xr-x 1 root root 864428 Feb 9 11:27 exim-4.74
> Setuid to bind to port 25, I guess? Or should I remove it?

If started by root, it doesn't matter. Exim should change its euid
after binding to the port.

How is your exim started? Using some -C or -D option?

As far as I understand, the suid bit is used to change the euid/egid to whatever for
local transports.

The config file is not owned by your exim user?

If you add the "pid" log selector, you should see that a new process is
forked for delivery.

I did a short test (using 4.74):

MM_USER = 12
MM_GROUP = 12

---- router
mm:
  driver = accept
  domains = +vmail_domains
  local_parts = xxx
  transport = pipi

---- transport
pipi:
  driver = pipe
  command = /bin/sh -c "/bin/cat >/tmp/xxx"
  current_directory = /tmp
  home_directory = /tmp
  log_fail_output
  user = MM_USER
  group = MM_GROUP

And it worked. The file created is owned by uid/gid 12.

--
Heiko