Re: [exim] Exim and file access right

Author: Evgeniy Berdnikov
Date:  
To: exim-users
Subject: Re: [exim] Exim and file access right
On Sun, May 19, 2019 at 04:05:20PM +0200, Arno Thuber via Exim-users wrote:
> From chapter 55 of the Exim documentation I see that Exim delivery drops
> rights which it has as a server but I don't fully understand it - or I
> don't understand Unix access rights. With user Debian-exim member of
> privkey_users why can't it read files with access rights for the group
> privkey_users?


Unix group membership, as defined by /etc/group, is set on the process
via the setgroups(2) syscall. For an interactive process it is executed by the
program which starts the user session (getty, login, sshd, etc), in addition
to establishing the user's uid and gid.

If setgroups(2) is not called before setuid(2) and setgid(2), then
the process does not receive additional group membership. I suspect
Exim simply changes uid and gid for its child processes.
--
Eugene Berdnikov
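
The call ordering discussed in this message, as an added example that is not part of the original post and is not Exim source: a privilege drop that loads the target user's /etc/group memberships with initgroups(3) before setgid(2) and setuid(2), plus a check of which groups the running process actually holds. The function names drop_to_user, gid_in_list and process_has_group are hypothetical, and drop_to_user assumes it is called as root.

```c
/* Added example, not Exim code; all function names here are hypothetical. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if gid appears in list[0..n-1], else 0. */
int gid_in_list(gid_t gid, const gid_t *list, int n)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            return 1;
    return 0;
}

/* Return 1 if the calling process holds gid as its effective group or as
 * a supplementary group, 0 if it does not, -1 on error. */
int process_has_group(gid_t gid)
{
    if (getegid() == gid)
        return 1;
    int n = getgroups(0, NULL);          /* size 0: only ask for the count */
    if (n <= 0)
        return n;                        /* 0 = no supplementary groups */
    gid_t *list = malloc((size_t)n * sizeof *list);
    if (list == NULL)
        return -1;
    n = getgroups(n, list);
    int found = (n < 0) ? -1 : gid_in_list(gid, list, n);
    free(list);
    return found;
}

/* Drop from root to user `name`. The supplementary groups and the gid are
 * set while the process is still root, because after setuid() it no longer
 * has the privilege to change them. Returns 0 on success, -1 on failure. */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)  /* setgroups(2) from /etc/group */
        return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    return (setuid(0) == 0) ? -1 : 0;    /* regaining root must now fail */
}
```

Calling process_has_group() with the gid of privkey_users from inside the delivery process shows whether that membership reached the process.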