Re: [exim] Re (y): Configuring for non-encrypted MUA to loca…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Slavko
日付:  
To: exim-users
古いトピック: [exim] Re (n): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
題目: Re: [exim] Re (y): Configuring for non-encrypted MUA to localhost. TLS-on-connect, exim to smarthost.
Ahoj,

Dňa Thu, 06 Apr 2023 10:30:53 -0700 Peter via Exim-users
<exim-users@???> napísal:

> HYPOTHESIZED CONCLUSION
> I should refrain from attempting to send messages as root. Should
> submit as ordinary user. Correct?


AFAIK no. Exim has some user defined to run under it, but that user is
used only for daemon (accepting TCP connections & queue runner). But
when exim delivers message or is invoked from command line, it runs as
particular user, either as target or calling user.

In other words, if someone sends message to local user and local
delivery happens, exim runs delivery proces as that users. If that
message is for root, it will not run delivery with root privileges.

When someone sends message via command line, exim runs as that user,
but when root sends message, exim will not run with root privileges.

That has no other means, it is not about who can be sender nor
recipient (course one still can limit that in particular ACL). It is
only about process's user, to prevent superuser's privileges for exim.

regards

--
Slavko
https://www.slavino.sk