https://bugs.exim.org/show_bug.cgi?id=3028
Bug ID: 3028
Summary: Running as unprivileged user gives unspecific error
"permission denied"
Product: Exim
Version: 4.96
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: General execution
Assignee: unallocated@???
Reporter: bugs_exim@???
CC: exim-dev@???
Trying to gather information for bug 3027, I tried running exim as a listening
service as an unprivileged user.
That didn’t work and I just got a very unspecific error "permission denied":
% exim -C /dev/null -v -oX 1234 -bdf
LOG: MAIN
Warning: purging the environment.
Suggested action: use keep_environment.
exim: permission denied
Enabling debugging did not add any useful information:
% exim -C /dev/null -v -oX 1234 -bdf -d+all
14:55:06 1825 Exim version 4.96 uid=1000 gid=1000 pid=1825 D=fff9ffff
14:55:06 1825 Support for: crypteq iconv() IPv6 GnuTLS TLS_resume
move_frozen_messages DANE DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR
Queue_Ramp SOCKS SRS TCP_Fast_Open
14:55:06 1825 Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch
cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
14:55:06 1825 Authenticators: cram_md5 external plaintext
14:55:06 1825 Routers: accept dnslookup ipliteral manualroute queryprogram
redirect
14:55:06 1825 Transports: appendfile/maildir/mailstore autoreply lmtp pipe
smtp
14:55:06 1825 Fixed never_users: 0
14:55:06 1825 Configure owner: 0:0
14:55:06 1825 Size of off_t: 8
14:55:06 1825 Compiler: GCC [12.2.0]
14:55:06 1825 Library version: Glibc: Compile: 2.36
14:55:06 1825 Runtime: 2.36
14:55:06 1825 Library version: BDB: Compile: Berkeley DB 5.3.28: (September
9, 2013)
14:55:06 1825 Runtime: Berkeley DB 5.3.28: (September
9, 2013)
14:55:06 1825 Library version: GnuTLS: Compile: 3.7.9
14:55:06 1825 Runtime: 3.7.9
14:55:06 1825 Library version: IDN2: Compile: 2.3.3
14:55:06 1825 Runtime: 2.3.3
14:55:06 1825 Library version: Stringprep: Compile: 1.41
14:55:06 1825 Runtime: 1.41
14:55:06 1825 Library version: PCRE2: Compile: 10.42
14:55:06 1825 Runtime: 10.42 2022-12-11
14:55:06 1825 Total 14 lookups
14:55:06 1825 WHITELIST_D_MACROS: "OUTGOING"
14:55:06 1825 TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
14:55:06 1825 changed uid/gid: -C, -D, -be or -bf forces real uid
14:55:06 1825 uid=1000 gid=1000 pid=1825
14:55:06 1825 auxiliary group list: 4 6 7 20 24 25 29 30 44 46 50 104 108
109 114 117 119 121 122 123 136 139 140 148 150 152 162 1000 1001
14:55:06 1825 LOG: MAIN
14:55:06 1825 Warning: purging the environment.
14:55:06 1825 Suggested action: use keep_environment.
14:55:06 1825 configuration file is /dev/null
14:55:06 1825 log selectors = 00000ffc 64205022 0000000c
exim: debugging permission denied
My expectation is to be able to do that.
Even more so the expectation is that I get a meaningful error message why it is
not possible to do that so that I have a chance to figure out what’s wrong and
fix it.
Looking at an strace, it seemed like it might have to do with my unprivileged
user being unable to access the default spool directory but that does not seem
to have been the cause:
% cat tmp/2023-09-20_exim_config.conf
daemon_smtp_ports = 1234
spool_directory = /home/henk/tmp/exim_spool_test
14:57:22 θ66° [henk:~] <system> % exim -C tmp/2023-09-20_exim_config.conf -v
-bdf
LOG: MAIN
Warning: purging the environment.
Suggested action: use keep_environment.
exim: permission denied
[1] 2482 exit 1 exim -C tmp/2023-09-20_exim_config.conf -v -bdf
14:57:39 θ66° [henk:~] <system> 1 % exim -C tmp/2023-09-20_exim_config.conf -v
-bdf -d+all
14:57:45 2540 Exim version 4.96 uid=1000 gid=1000 pid=2540 D=fff9ffff
14:57:45 2540 Support for: crypteq iconv() IPv6 GnuTLS TLS_resume
move_frozen_messages DANE DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR
Queue_Ramp SOCKS SRS TCP_Fast_Open
14:57:45 2540 Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch
cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
14:57:45 2540 Authenticators: cram_md5 external plaintext
14:57:45 2540 Routers: accept dnslookup ipliteral manualroute queryprogram
redirect
14:57:45 2540 Transports: appendfile/maildir/mailstore autoreply lmtp pipe
smtp
14:57:45 2540 Fixed never_users: 0
14:57:45 2540 Configure owner: 0:0
14:57:45 2540 Size of off_t: 8
14:57:45 2540 Compiler: GCC [12.2.0]
14:57:45 2540 Library version: Glibc: Compile: 2.36
14:57:45 2540 Runtime: 2.36
14:57:45 2540 Library version: BDB: Compile: Berkeley DB 5.3.28: (September
9, 2013)
14:57:45 2540 Runtime: Berkeley DB 5.3.28: (September
9, 2013)
14:57:45 2540 Library version: GnuTLS: Compile: 3.7.9
14:57:45 2540 Runtime: 3.7.9
14:57:45 2540 Library version: IDN2: Compile: 2.3.3
14:57:45 2540 Runtime: 2.3.3
14:57:45 2540 Library version: Stringprep: Compile: 1.41
14:57:45 2540 Runtime: 1.41
14:57:45 2540 Library version: PCRE2: Compile: 10.42
14:57:45 2540 Runtime: 10.42 2022-12-11
14:57:45 2540 Total 14 lookups
14:57:45 2540 WHITELIST_D_MACROS: "OUTGOING"
14:57:45 2540 TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
14:57:45 2540 changed uid/gid: -C, -D, -be or -bf forces real uid
14:57:45 2540 uid=1000 gid=1000 pid=2540
14:57:45 2540 auxiliary group list: 4 6 7 20 24 25 29 30 44 46 50 104 108
109 114 117 119 121 122 123 136 139 140 148 150 152 162 1000 1001
14:57:45 2540 LOG: MAIN
14:57:45 2540 Warning: purging the environment.
14:57:45 2540 Suggested action: use keep_environment.
14:57:45 2540 configuration file is tmp/2023-09-20_exim_config.conf
14:57:45 2540 log selectors = 00000ffc 64205022 0000000c
exim: debugging permission denied
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/