Author: Heiko Schlittermann
Date:
To: exim-users
Subject: Re: [exim] The appendfile transport: UID and GID of the delivery message file
Ednardo Lobo <ednardo@???> (Fri 26 Aug 2016 01:33:21 CEST):
> >So the exim user has write access …, the directories are sgid <group>.
> >So, any file created in this directory should be owned by the creator
> >and the group <group>.
>
> Correct, just as I imagined. In other words, the file uid must be equal to
> the uid of the creator process and the gid equal to the gid of the parent
> directory, because of its setgid bit.
>
> >If Exim doesn't run as a privileged user, Exim can't create files owned
> >by anybody other than the exim user and the group owning the directory.
> >
> >So, I'd expect it to just work. Can you show us the permissions of files
> >in new/, right after Exim created it?
>
> drwxrws--- 5 exim 65536 4096 Aug 23 22:06 .
> drwxrwx--- 3 exim root 4096 Aug 23 18:12 ..
> drwxrws--- 2 exim 65536 4096 Aug 23 18:13 cur
> drwxrws--- 2 exim 65536 4096 Aug 25 20:04 new
> drwxrws--- 2 exim 65536 4096 Aug 25 20:04 tmp
>
> -rw-rw---- 1 exim exim 777 Aug 25 19:47 1472165275.H150650P22153.gnu
> -rw-rw---- 1 exim exim 780 Aug 25 20:04 1472166260.H478116P22558.gnu
>
> I expected:
… as I would expect too.
> -rw-rw---- 1 exim 65536 777 Aug 25 19:47 1472165275.H150650P22153.gnu
> -rw-rw---- 1 exim 65536 780 Aug 25 20:04 1472166260.H478116P22558.gnu
And you said, Exim runs without the suid privilege?
According to a short glance into appendfile.c it seems that Exim calls
chown(2) on the newly created file.
Maybe the generic transport option group = nogroup (or whatever
group name 65536 relates to) helps. It doesn't avoid the chown, but it
should chown the group to the group the file already has. The group
option is expandable, so you might use some string expansion to get the
group name right, in case it's dynamic.
Should we consider avoiding chown() under certain conditions?
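The two mechanisms discussed in this thread can be reproduced without Exim: a file created in a setgid directory inherits the directory's group, and an explicit chown/chgrp afterwards (which is what appendfile does) overrides that inheritance. The following shell script is an added example, not code from the thread or from Exim; it assumes Linux with GNU coreutils (stat -c) and an unprivileged user, and the Maildir-style file name is constructed to mirror the listing above.

```shell
#!/bin/sh
# Added example (not from the thread or from Exim): show that a file created in a
# setgid directory gets the directory's group, and that a later chgrp, like the
# chown(2) appendfile performs, replaces that group again.
# Assumes Linux + GNU coreutils; run as an unprivileged user to see the real limits.

# Choose a group for the directory: a supplementary group of the current user if
# there is one (so the setgid effect is visible), otherwise the primary group.
pick_dir_group() {
    primary=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$primary" ]; then
            echo "$g"
            return 0
        fi
    done
    echo "$primary"
}

# Build a small Maildir-like tree with directories set to group $1 and mode
# drwxrws--- (2770), create a message file in new/ and report the gid the
# kernel assigned to it. Expected: the directory's gid, not our primary gid.
gid_of_new_file() {
    dirgroup=$1
    base=$(mktemp -d)
    mkdir -p "$base/new"
    chgrp "$dirgroup" "$base" "$base/new"
    chmod 2770 "$base" "$base/new"
    : > "$base/new/1472166260.H478116P22558.example"   # constructed file name
    stat -c %g "$base/new/1472166260.H478116P22558.example"
    rm -rf "$base"
}

# Same tree, but afterwards chgrp the new file to group $2, mimicking the
# transport's chown(2). An unprivileged owner may change a file's group only to
# a group it is a member of; the primary group always qualifies, which is how a
# file ends up exim:exim instead of exim:<dirgroup> despite the setgid bit.
gid_after_chgrp() {
    dirgroup=$1
    target=$2
    base=$(mktemp -d)
    mkdir -p "$base/new"
    chgrp "$dirgroup" "$base" "$base/new"
    chmod 2770 "$base" "$base/new"
    : > "$base/new/1472165275.H150650P22153.example"   # constructed file name
    chgrp "$target" "$base/new/1472165275.H150650P22153.example"
    stat -c %g "$base/new/1472165275.H150650P22153.example"
    rm -rf "$base"
}

# Stand-alone run: print both results for the current user.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    dg=$(pick_dir_group)
    echo "directory gid:            $dg"
    echo "gid of freshly created file: $(gid_of_new_file "$dg")"
    echo "gid after chgrp to primary:  $(gid_after_chgrp "$dg" "$(id -g)")"
fi
```

If the user has a supplementary group, the first value equals the directory's gid and the second drops back to the primary gid, which is exactly the exim:exim result shown in the listing. Pointing the transport's group option at the directory's group (as suggested above) makes the chgrp a no-op on the group; chgrp to a group the process is not a member of fails with EPERM for an unprivileged process.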