[exim] How to access pgsql client cert when running suid ?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
MJeremy Harris at ->
Delete this message
Reply to this message
Author: Axel Rau
Date:  
To: Exim-users
Subject: [exim] How to access pgsql client cert when running suid ?
exim worked well accessing its pgsql DB via client cert in its home.
After turning on setuid bit on exim binary, it could no longer access
the DB (error=‚valid client cert required‘)

This is FreeBSD 13.

From /etc/passwd:
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin

root@mx5:/ # ls -lR /var/spool/mqueue/
total 9
drwxr-xr-x 2 mailnull daemon 6 May 23 18:59 .postgresql 

/var/spool/mqueue/.postgresql:
total 10
-rw-r--r--  1 root      daemon  1643 May 23 18:59 erdb_op_client_cert.pem
-r--------  1 mailnull  wheel   1679 May 23 18:59 erdb_op_client_key.pem
lrwxr-xr-x  1 root      daemon    23 May 23 18:59 postgresql.crt -> erdb_op_client_cert.pem
lrwxr-xr-x  1 root      daemon    22 May 23 18:59 postgresql.key -> erdb_op_client_key.pem


Axel
---
PGP-Key: CDE74120 ☀ computing @ chaos claudius


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] 4.96-RC1 issueRe: [exim] How to access pgsql client cert when running suid ?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)