[exim] Exim and file access right

Author: Arno Thuber
Date:  
To: exim-users
Subject: [exim] Exim and file access right
Hello,

I'm writing to you because of a problem I can't solve through searching the
web or reading the Exim documentation.

Exim uses my certificate and its private key. That data (at least the
private key) is precious and therefore not world-readable on my host. The
file access rights are 640 with u=root and g=privkey_users. The group
privkey_users is an additional group with members Debian-exim, dovecot and
nginx because they all need access to those files. That has worked for a year
now for Exim as a server.

So now I want Exim as a client to present the certificates also, but Exim
fails to load the files when trying to connect to a TLS-enabled host (mainlog
says "Error while reading file."). Changing the file access rights to 644
*or* chown :Debian-exim makes it work again. But neither is OK because it
either exposes the files too much or makes them inaccessible to the other
applications.

From chapter 55 of the Exim documentation I see that Exim delivery drops
rights which it has as a server but I don't fully understand it - or I
don't understand Unix access rights. With user Debian-exim a member of
privkey_users, why can't it read files with access rights for the group
privkey_users?

Regards,
Arno
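
Added example, not part of the original message: Unix read access is decided from the credentials the process actually carries (effective uid, gid and supplementary group list, shown in /proc/<pid>/status on Linux), not from the group database. The sketch below evaluates the file modes from the post against two constructed credential sets; the numeric ids and the status text are assumptions made for illustration.

```python
import os
import re

def parse_proc_status(status_text):
    """Return (euid, egid, supplementary gids) from /proc/<pid>/status text."""
    fields = dict(re.findall(r"^(Uid|Gid|Groups):[ \t]*(.*)$", status_text, re.M))
    euid = int(fields["Uid"].split()[1])   # columns: real, effective, saved, fs
    egid = int(fields["Gid"].split()[1])
    groups = {int(g) for g in fields.get("Groups", "").split()}
    return euid, egid, groups

def can_read(mode, f_uid, f_gid, euid, egid, groups):
    """Classic mode-bit read check (ignores ACLs and capabilities).
    Exactly one class applies: owner, else group, else other."""
    if euid == 0:
        return True                       # root bypasses mode bits
    if euid == f_uid:
        return bool(mode & 0o400)         # owner class
    if f_gid == egid or f_gid in groups:
        return bool(mode & 0o040)         # group class
    return bool(mode & 0o004)             # other class

def diagnose(status_text, mode, f_uid, f_gid):
    """Would the process described by status_text be able to read the file?"""
    return can_read(mode, f_uid, f_gid, *parse_proc_status(status_text))

def check_live(pid, path):
    """Same check against a running process and a real file (Linux only)."""
    st = os.stat(path)
    with open(f"/proc/{pid}/status") as fh:
        return diagnose(fh.read(), st.st_mode, st.st_uid, st.st_gid)

# Constructed ids (assumptions): Debian-exim uid 101 / gid 103, privkey_users gid 1001.
PRIVKEY_GID, EXIM_GID = 1001, 103
# Constructed status text: process carries only its primary group.
STATUS_PRIMARY_ONLY = "Name:\texim4\nUid:\t101\t101\t101\t101\nGid:\t103\t103\t103\t103\nGroups:\t103 \n"
# Constructed status text: process also carries privkey_users.
STATUS_WITH_PRIVKEY = "Name:\texim4\nUid:\t101\t101\t101\t101\nGid:\t103\t103\t103\t103\nGroups:\t103 1001 \n"

if __name__ == "__main__":
    cases = [("640 root:privkey_users, primary group only", STATUS_PRIMARY_ONLY, 0o640, PRIVKEY_GID),
             ("640 root:privkey_users, privkey_users carried", STATUS_WITH_PRIVKEY, 0o640, PRIVKEY_GID),
             ("644 root:privkey_users, primary group only", STATUS_PRIMARY_ONLY, 0o644, PRIVKEY_GID),
             ("640 root:Debian-exim, primary group only", STATUS_PRIMARY_ONLY, 0o640, EXIM_GID)]
    for label, status, mode, gid in cases:
        print(f"{label}: readable={diagnose(status, mode, 0, gid)}")
```

On a live system, `check_live(pid, path)` run as root against the failing Exim process and the key file shows which of these cases applies.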