Autor: Arno Thuber Data: A: exim-users Assumpte: [exim] Exim and file access right
Hello,
I'm writing to you because of a problem I can't solve through searching the
web or reading the Exim documentation.
Exim uses my certificate and it's private key. Those data (at least the
private key) is precious and therefore not world readable on my host. The
file access rights are 640 with u=root and g=privkey_users. The group
privkey_users is an additional group with members Debian-exim, dovecot and
nginx because they all need access to that files. That works since a year
now for Exim as a server
So now I want Exim as a client to present the certificates also but Exim
fails to load the files when trying to connect a TLS enabled host (mainlog
says "Error while reading file."). Changing the file access rights to 644
*or* chown :Debian-exim makes it work again. But neither is ok because it
either expose the files to much or makes them unaccessible for the other
applications.
>From chapter 55 of the Exim documentation I see that Exim delivery drops rights which it has as a server but I don't fully understand it - or I
don't understand Unix access rights. With user Debian-exim member of
privkey_users why can't it read files with access rights for the group
privkey_users?