[exim-dev] [Bug 3028] New: Running as unprivileged user give…

Góra strony
Delete this message
Reply to this message
Autor: Exim Bugzilla
Data:  
Dla: exim-dev
Nowe tematy: [exim-dev] [Bug 3028] Running as unprivileged user gives unspecific error "permission denied"
Temat: [exim-dev] [Bug 3028] New: Running as unprivileged user gives unspecific error "permission denied"
https://bugs.exim.org/show_bug.cgi?id=3028

            Bug ID: 3028
           Summary: Running as unprivileged user gives unspecific error
                    "permission denied"
           Product: Exim
           Version: 4.96
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: General execution
          Assignee: unallocated@???
          Reporter: bugs_exim@???
                CC: exim-dev@???

Trying to gather information for bug 3027, I tried running exim as a listening
service as an unprivileged user.
That didn’t work and I just got a very unspecific error "permission denied":

% exim -C /dev/null -v -oX 1234 -bdf        
LOG: MAIN
  Warning: purging the environment.
 Suggested action: use keep_environment.
exim: permission denied


Enabling debugging did not add any useful information:
% exim -C /dev/null -v -oX 1234 -bdf -d+all 
14:55:06  1825 Exim version 4.96 uid=1000 gid=1000 pid=1825 D=fff9ffff
14:55:06  1825 Support for: crypteq iconv() IPv6 GnuTLS TLS_resume
move_frozen_messages DANE DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR
Queue_Ramp SOCKS SRS TCP_Fast_Open
14:55:06  1825 Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch
cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
14:55:06  1825 Authenticators: cram_md5 external plaintext
14:55:06  1825 Routers: accept dnslookup ipliteral manualroute queryprogram
redirect
14:55:06  1825 Transports: appendfile/maildir/mailstore autoreply lmtp pipe
smtp
14:55:06  1825 Fixed never_users: 0
14:55:06  1825 Configure owner: 0:0
14:55:06  1825 Size of off_t: 8
14:55:06  1825 Compiler: GCC [12.2.0]
14:55:06  1825 Library version: Glibc: Compile: 2.36
14:55:06  1825                         Runtime: 2.36
14:55:06  1825 Library version: BDB: Compile: Berkeley DB 5.3.28: (September 
9, 2013)
14:55:06  1825                       Runtime: Berkeley DB 5.3.28: (September 
9, 2013)
14:55:06  1825 Library version: GnuTLS: Compile: 3.7.9
14:55:06  1825                          Runtime: 3.7.9
14:55:06  1825 Library version: IDN2: Compile: 2.3.3
14:55:06  1825                        Runtime: 2.3.3
14:55:06  1825 Library version: Stringprep: Compile: 1.41
14:55:06  1825                              Runtime: 1.41
14:55:06  1825 Library version: PCRE2: Compile: 10.42
14:55:06  1825                         Runtime: 10.42 2022-12-11
14:55:06  1825 Total 14 lookups
14:55:06  1825 WHITELIST_D_MACROS: "OUTGOING"
14:55:06  1825 TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
14:55:06  1825 changed uid/gid: -C, -D, -be or -bf forces real uid
14:55:06  1825   uid=1000 gid=1000 pid=1825
14:55:06  1825   auxiliary group list: 4 6 7 20 24 25 29 30 44 46 50 104 108
109 114 117 119 121 122 123 136 139 140 148 150 152 162 1000 1001
14:55:06  1825 LOG: MAIN
14:55:06  1825   Warning: purging the environment.
14:55:06  1825  Suggested action: use keep_environment.
14:55:06  1825 configuration file is /dev/null
14:55:06  1825 log selectors = 00000ffc 64205022 0000000c
exim: debugging permission denied


My expectation is to be able to do that.
Even more so the expectation is that I get a meaningful error message why it is
not possible to do that so that I have a chance to figure out what’s wrong and
fix it.

Looking at an strace, it seemed like it might have to do with my unprivileged
user being unable to access the default spool directory but that does not seem
to have been the cause:
% cat tmp/2023-09-20_exim_config.conf
daemon_smtp_ports = 1234
spool_directory = /home/henk/tmp/exim_spool_test

14:57:22 θ66° [henk:~] <system> % exim -C tmp/2023-09-20_exim_config.conf -v
-bdf
LOG: MAIN
  Warning: purging the environment.
 Suggested action: use keep_environment.
exim: permission denied
[1]    2482 exit 1     exim -C tmp/2023-09-20_exim_config.conf -v -bdf
14:57:39 θ66° [henk:~] <system> 1 % exim -C tmp/2023-09-20_exim_config.conf -v
-bdf -d+all
14:57:45  2540 Exim version 4.96 uid=1000 gid=1000 pid=2540 D=fff9ffff
14:57:45  2540 Support for: crypteq iconv() IPv6 GnuTLS TLS_resume
move_frozen_messages DANE DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR
Queue_Ramp SOCKS SRS TCP_Fast_Open
14:57:45  2540 Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch
cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
14:57:45  2540 Authenticators: cram_md5 external plaintext
14:57:45  2540 Routers: accept dnslookup ipliteral manualroute queryprogram
redirect
14:57:45  2540 Transports: appendfile/maildir/mailstore autoreply lmtp pipe
smtp
14:57:45  2540 Fixed never_users: 0
14:57:45  2540 Configure owner: 0:0
14:57:45  2540 Size of off_t: 8
14:57:45  2540 Compiler: GCC [12.2.0]
14:57:45  2540 Library version: Glibc: Compile: 2.36
14:57:45  2540                         Runtime: 2.36
14:57:45  2540 Library version: BDB: Compile: Berkeley DB 5.3.28: (September 
9, 2013)
14:57:45  2540                       Runtime: Berkeley DB 5.3.28: (September 
9, 2013)
14:57:45  2540 Library version: GnuTLS: Compile: 3.7.9
14:57:45  2540                          Runtime: 3.7.9
14:57:45  2540 Library version: IDN2: Compile: 2.3.3
14:57:45  2540                        Runtime: 2.3.3
14:57:45  2540 Library version: Stringprep: Compile: 1.41
14:57:45  2540                              Runtime: 1.41
14:57:45  2540 Library version: PCRE2: Compile: 10.42
14:57:45  2540                         Runtime: 10.42 2022-12-11
14:57:45  2540 Total 14 lookups
14:57:45  2540 WHITELIST_D_MACROS: "OUTGOING"
14:57:45  2540 TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
14:57:45  2540 changed uid/gid: -C, -D, -be or -bf forces real uid
14:57:45  2540   uid=1000 gid=1000 pid=2540
14:57:45  2540   auxiliary group list: 4 6 7 20 24 25 29 30 44 46 50 104 108
109 114 117 119 121 122 123 136 139 140 148 150 152 162 1000 1001
14:57:45  2540 LOG: MAIN
14:57:45  2540   Warning: purging the environment.
14:57:45  2540  Suggested action: use keep_environment.
14:57:45  2540 configuration file is tmp/2023-09-20_exim_config.conf
14:57:45  2540 log selectors = 00000ffc 64205022 0000000c
exim: debugging permission denied

-- 
You are receiving this mail because:
You are on the CC list for the bug.


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/