Re: [exim] Exim and file access right

Author: Ian Zimmerman
Date:  
To: exim-users
Subject: Re: [exim] Exim and file access right
On 2019-05-19 16:05, Arno Thuber wrote:

> Exim uses my certificate and its private key. That data (at least
> the private key) is precious and therefore not world readable on my
> host. The file access rights are 640 with u=root and
> g=privkey_users. The group privkey_users is an additional group with
> members Debian-exim, dovecot and nginx because they all need access to
> those files. That has worked for a year now for Exim as a server.
>
> So now I want Exim as a client to present the certificates also, but
> Exim fails to load the files when trying to connect to a TLS-enabled host
> (mainlog says "Error while reading file."). Changing the file access
> rights to 644 *or* chown :Debian-exim makes it work again. But neither
> is ok because it either exposes the files too much or makes them
> inaccessible for the other applications.
>
> From chapter 55 of the Exim documentation I see that Exim delivery
> drops rights which it has as a server but I don't fully understand it
> - or I don't understand Unix access rights. With user Debian-exim
> member of privkey_users why can't it read files with access rights for
> the group privkey_users?


What is the primary group of the user ID Debian-exim? I think what you
report would happen if that group was something other than Debian-exim.

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
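
An added example (not from the thread or from Exim): the standard Unix read-permission check, evaluated for the 640 root:privkey_users key file with the process's supplementary groups present and absent. The numeric ids and the two /proc/<pid>/status excerpts are constructed, and that the failing process holds only its primary gid is an assumption suggested by the question in the reply.

```python
import stat

# Constructed ids for illustration; real ones come from /etc/passwd and /etc/group.
ROOT, EXIM_GID, PRIVKEY_GID = 0, 102, 997

# Constructed /proc/<pid>/status excerpts for uid 101 (standing in for Debian-exim).
GROUPS_KEPT = "Name:\tsh\nUid:\t101\t101\t101\t101\nGid:\t102\t102\t102\t102\nGroups:\t102 997\n"
GROUPS_DROPPED = "Name:\texim4\nUid:\t101\t101\t101\t101\nGid:\t102\t102\t102\t102\nGroups:\t\n"


def parse_creds(status_text):
    """Return (effective uid, effective gid, supplementary gids) from status text."""
    fields = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields[key] = value.split()
    # Uid:/Gid: list real, effective, saved and filesystem ids, in that order.
    groups = {int(g) for g in fields.get("Groups", [])}
    return int(fields["Uid"][1]), int(fields["Gid"][1]), groups


def can_read(mode, owner_uid, owner_gid, uid, gid, groups):
    """Unix read check: exactly one class (owner, group, other) is consulted."""
    if uid == 0:
        return True  # root bypasses the mode bits
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid == gid or owner_gid in groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def scenarios():
    kept, dropped = parse_creds(GROUPS_KEPT), parse_creds(GROUPS_DROPPED)
    return {
        "640 root:privkey_users, groups kept": can_read(0o640, ROOT, PRIVKEY_GID, *kept),
        "640 root:privkey_users, groups dropped": can_read(0o640, ROOT, PRIVKEY_GID, *dropped),
        "644 root:privkey_users, groups dropped": can_read(0o644, ROOT, PRIVKEY_GID, *dropped),
        "640 root:Debian-exim, groups dropped": can_read(0o640, ROOT, EXIM_GID, *dropped),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'readable' if ok else 'denied'}")
```

On Linux, the `Groups:` line in `/proc/<pid>/status` of the running process shows which supplementary groups it actually holds, which can differ from what `id Debian-exim` reports.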