[exim] How to access pgsql client cert when running suid ?

Author: Axel Rau
Date:  
To: Exim-users
Subject: [exim] How to access pgsql client cert when running suid ?
exim worked well accessing its pgsql DB via client cert in its home.
After turning on setuid bit on exim binary, it could no longer access
the DB (error='valid client cert required').

This is FreeBSD 13.

From /etc/passwd:
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin

root@mx5:/ # ls -lR /var/spool/mqueue/
total 9
drwxr-xr-x 2 mailnull daemon 6 May 23 18:59 .postgresql

/var/spool/mqueue/.postgresql:
total 10
-rw-r--r--  1 root      daemon  1643 May 23 18:59 erdb_op_client_cert.pem
-r--------  1 mailnull  wheel   1679 May 23 18:59 erdb_op_client_key.pem
lrwxr-xr-x  1 root      daemon    23 May 23 18:59 postgresql.crt -> erdb_op_client_cert.pem
lrwxr-xr-x  1 root      daemon    22 May 23 18:59 postgresql.key -> erdb_op_client_key.pem


Axel
---
PGP-Key: CDE74120 ☀ computing @ chaos claudius