[exim-dev] [Bug 3028] Running as unprivileged user gives uns…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Exim Bugzilla
Datum:  
To: exim-dev
Betreff: [exim-dev] [Bug 3028] Running as unprivileged user gives unspecific error "permission denied"
https://bugs.exim.org/show_bug.cgi?id=3028

Andrew Aitchison <exim@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |exim@???


--- Comment #5 from Andrew Aitchison <exim@???> ---
[ Some of this comment first appeared in a reply on the exim-dev email list,
  archived at:
    https://lists.exim.org/lurker/message/20230921.161628.2cf9a176.en.html
]


The messages
exim: debugging permission denied
and
exim: permission denied
are generated by exim *on its own initiative*, not by system call failures.

Exim has determined that you are not an admin user, so do not have the
authority to continue. In the code (exim.c cira line 4430) the "debugging"
version of the message comes immdiately after a comment:

/* Only an admin user may start the daemon or force a queue run in the default
configuration, but the queue run restriction can be relaxed. Only an admin
user may request that a message be returned to its sender forthwith. Only an
admin user may specify a debug level greater than D_v (because it might show
passwords, etc. in lookup queries). Only an admin user may request a queue
count. Only an admin user can use the test interface to scan for email
(because Exim will be in the spool dir and able to look at mails). */

Who/what is an admin_user ? An earlier comment (around line 4090) says:
/* If an action on specific messages is requested, or if a daemon or queue
runner is being started, we need to know if Exim was called by an admin user.
This is the case if the real user is root or exim, or if the real group is
exim, or if one of the supplementary groups is exim or a group listed in
admin_groups. We don't fail all message actions immediately if not admin_user,
since some actions can be performed by non-admin users. Instead, set admin_user
for later interrogation. */

** Since you are trying to start a daemon you need to do as an admin.
** Now that you understand the reason for the message (I hope)
** can you suggest a clearer message text ?

For this sort of testing I recommend that either your test user belongs to your
exim group, or to a group declared in your test config in the "admin_group"
entry.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/