On Tue, Oct 08, 2013 at 05:17:11PM -0400, Phil Pennock wrote:
> So we're dealing here with a getpwuid(getuid())->pw_dir situation. And
> this depends entirely upon what part of the configuration file the
> string expansion is in: it's the invoking user, at time of evaluation.
> As much as possible, that should be the "exim" user, but there are still
> some things evaluated as root.
>
> Checking the postgres source (it's a bad sign that I have a copy of
> their git repo laying around, right?) I see they're using geteuid(), so
> this isn't an effective/real conflict.
(Well, I am never without my trusty OpenSSL repo. Though I did
wean myself off the OpenLDAP source code some time ago). Anyway,
I would guess that exim's effective uid is variously "exim", "root",
or some local user whose .forward file is being read. So it may
be unwise to expect predictable behaviour with configuration files
in ~exim. For that to work, the database connections would need
to be established pre-emptively at a time when the code is running
with a predictable euid.
--
Viktor.
