Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2276] Exim triggers DAC_OVERRIDE when running on SELinux enabled system
https://bugs.exim.org/show_bug.cgi?id=2276

Phil Pennock <pdp@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX


--- Comment #5 from Phil Pennock <pdp@???> ---
Logs: if you change the permissions at build-time and use ACLs so that root
has permission to write, then there is no FS permission override, and no issue.

Spool: the default permission for files in the spool is set as SPOOL_MODE=0640.
They're writable by group Exim.

Solution 1: put user root into group Exim. Easy, fixed, done.
Solution 2: use ACLs again to give root permission to read anything created in
the spool input directory. More fragile, as that's a directory which Exim will
happily auto-create when missing.
Solution 3: disable the DAC enforcement.

Honestly, I'd use solution 1 for the spool, and once you have that the only
thing needed is to compile with LOG_MODE=0660 instead of the default 0640.

I'd forgotten about read access to -D for delivery as non-root. I'm much less
bothered by Exim choosing to open a file in read-only mode as root than I am
when Exim is opening a file to _write_ as root.

Closing this as wontfix because there is a sane solution available for use on
such systems, using traditional group membership and permissions, and Exim is
not misbehaving.

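The three situations the comment walks through (root reading 0640 spool files, root writing log files built with LOG_MODE=0640 versus 0660, and the group-membership or ACL workarounds) can be reproduced with a small model of the kernel's discretionary access check. This is an added example, not code from the bug thread or from Exim; the uid/gid values, the exim:exim ownership of log files and the single-entry ACL handling (no mask entry) are assumptions made for the illustration.

```python
"""Model of the Linux DAC decision for the Exim bug 2276 cases (added example)."""
from dataclasses import dataclass, field

R, W = 4, 2                      # permission bits used by this model

@dataclass
class File:
    uid: int
    gid: int
    mode: int                    # permission bits only, e.g. 0o640
    acl_users: dict = field(default_factory=dict)   # POSIX ACL named-user entries: uid -> bits

@dataclass(frozen=True)
class Proc:
    uid: int
    groups: frozenset            # primary plus supplementary gids

def dac_allows(f: File, p: Proc, want: int) -> bool:
    """Return True when ordinary DAC grants `want`; False means a root process only
    gets in via CAP_DAC_OVERRIDE, which is the capability SELinux logged in this bug."""
    if p.uid == f.uid:
        bits = (f.mode >> 6) & 7
    elif p.uid in f.acl_users:   # named-user ACL entry (ACL mask assumed permissive)
        bits = f.acl_users[p.uid]
    elif f.gid in p.groups:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return bits & want == want

EXIM_UID = EXIM_GID = 93         # constructed ids for the Exim user and group
ROOT = Proc(0, frozenset({0}))
ROOT_IN_EXIM = Proc(0, frozenset({0, EXIM_GID}))      # solution 1 from the thread

def spool_read_needs_override(proc: Proc, acl_users=None) -> bool:
    """Spool files are exim:exim with SPOOL_MODE=0640; delivery as root reads them."""
    spool = File(EXIM_UID, EXIM_GID, 0o640, acl_users or {})
    return not dac_allows(spool, proc, R)

def log_write_needs_override(proc: Proc, log_mode: int) -> bool:
    """Log files assumed exim:exim with the compiled-in LOG_MODE; root appends to them."""
    return not dac_allows(File(EXIM_UID, EXIM_GID, log_mode), proc, W)

if __name__ == "__main__":
    print("spool, plain root:", spool_read_needs_override(ROOT))              # True
    print("spool, root in exim group:", spool_read_needs_override(ROOT_IN_EXIM))  # False
    print("spool, ACL u:root:r:", spool_read_needs_override(ROOT, {0: R}))    # False
    print("log 0640, root in exim:", log_write_needs_override(ROOT_IN_EXIM, 0o640))  # True
    print("log 0660, root in exim:", log_write_needs_override(ROOT_IN_EXIM, 0o660))  # False
```

The cases where the function returns True are exactly the opens that show up as DAC_OVERRIDE denials under SELinux; the group-membership plus LOG_MODE=0660 combination the comment recommends makes every one of them False.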