Andrew C Aitchison <andrew@???> (Thu 31 Mar 2016 11:13:41 CEST):
> >https://bugs.exim.org/show_bug.cgi?id=1811
> >But this raises the question why we need root privs for routing.
> To read .forward files ?
Yes, that's a good point. But … IMHO Exim should try to read
the .forward file as the target user instead of root.

    local_part=heiko domain=localhost
    checking for local user
    seeking password data for user "heiko": using cached result
    getpwnam() succeeded uid=1000 gid=1000
    calling bar router
    rda_interpret (file): $home/.forward-test
    expanded: /home/heiko/.forward-test
    changed uid/gid: bar router (recipient is heiko@localhost)
    uid=1000 gid=1000 pid=8008
    auxiliary group list: <none>
    * 8 bytes read from /home/heiko/.forward-test
    file is not a filter file
    parse_forward_list: i@???

The .forward file is read *after* changing the uid to the target user.
But you're right, if I use the deliver_drop_privilege, the
routing/delivery process runs as the Exim user and can't change its uid
to the target user.
With deliver_drop_privilege it ends in

    expanded: /home/heiko/.forward-test
    LOG: MAIN PANIC DIE
    * unable to set gid=1000 or uid=1000 (euid=999): bar router (recipient is heiko@localhost)
    >>>>>>>>>>>>>>>> Exim pid=8102 terminating with rc=1 >>>>>>>>>>>>>>>>

The conclusion is that it's more than just a minor code change if we
want Exim running w/o root privs but being able to read the .forward
files. For now I'll not touch anything regarding -bt/-bv.
--
Heiko
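
Added example, not part of the original message and not Exim's code: a minimal C sketch of reading a file in a child process that first switches to the target uid/gid, showing why the switch succeeds for root but fails with EPERM for an unprivileged caller such as euid=999. The helper name read_as_user and its return convention are assumptions made for this illustration.

```c
#define _GNU_SOURCE            /* for setgroups() */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not Exim code): read up to len bytes of path in a
 * child process that first becomes uid/gid. Returns bytes read or -errno. */
ssize_t read_as_user(const char *path, uid_t uid, gid_t gid, char *buf, size_t len)
{
    int p[2], status;
    if (pipe(p) < 0) return -errno;
    pid_t pid = fork();
    if (pid < 0) { int e = errno; close(p[0]); close(p[1]); return -e; }
    if (pid == 0) {                      /* child: only this process changes identity */
        close(p[0]);
        if (geteuid() != uid || getegid() != gid) {
            /* Order matters: supplementary groups, then gid, then uid.
             * A non-root caller (such as euid=999) gets EPERM here. */
            if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
                _exit(errno);
            if (geteuid() != uid || getegid() != gid) _exit(EPERM);  /* verify the switch */
        }
        int fd = open(path, O_RDONLY | O_NOFOLLOW);  /* refuse a symlinked file */
        if (fd < 0) _exit(errno);
        ssize_t n = read(fd, buf, len);
        if (n < 0) _exit(errno);
        if (n > 0 && write(p[1], buf, (size_t)n) != n) _exit(EIO);
        _exit(0);
    }
    close(p[1]);
    ssize_t total = 0, n;
    while ((size_t)total < len && (n = read(p[0], buf + total, len - total)) > 0)
        total += n;
    close(p[0]);
    if (waitpid(pid, &status, 0) < 0) return -errno;
    if (!WIFEXITED(status)) return -EIO;
    return WEXITSTATUS(status) ? -WEXITSTATUS(status) : total;
}

int main(void)
{
    char buf[256];  /* path and uid/gid 1000 are constructed, mirroring the debug output */
    ssize_t n = read_as_user("/home/heiko/.forward-test", 1000, 1000, buf, sizeof buf);
    if (n < 0) printf("failed: errno %d\n", (int)-n);
    else printf("%zd bytes read\n", n);
}
```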