On 25/08/16 15:18, Ednardo Lobo wrote:
> Exim is running with a non-root user (UID: exim) and group (GID: exim)
> and the exim binary is without setuid permission: -rwxr-xr-x.
>
> The transport configuration is:
>
> maildir:
>   driver = appendfile
>   maildir_format = true
>   create_directory = false
>   directory = /var/mail/LBN/$domain/$local_part
>   mode = 0660
>
> The maildir was created separately with the following permissions, uid and gid:
>
> drwxrws--- exim <group> /var/mail/$domain/$local_part/cur
> drwxrws--- exim <group> /var/mail/$domain/$local_part/new
> drwxrws--- exim <group> /var/mail/$domain/$local_part/tmp
>
> <group> - a unique gid defined for each mail address
>
> I would like the file created to store the delivered message to be owned
> by "exim uid" and "<group> gid", but the exim delivery process creates it
> with "exim uid" and "gid exim". In fact, I need the exim process not to set
> any uid and gid, leaving this responsibility to the OS.
>
> I appreciate any suggestion.
>
http://exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECTrunexiwitpri
http://exim.org/exim-html-current/doc/html/spec_html/ch-generic_options_for_transports.html
("user" and "group" options)
--
Jeremy