On 2010-07-31 at 18:11 +0400, [email protected] wrote:
> Good day! First, sorry for my English. I use exim-4.69. I run exim as user exim
> with primary group exim. Currently my exim binary file has exim:exim ownership
> and setuid and setgid. I mean that setuid is excess privilege. How about adding
> functionality where exim works with files in its spool with umask 007, for
> example, and never chowns files in its spool? I mean to allow the exim binary
> file to be only setgid.
> For example:
> 1. User sends email via mailx and via the sgid exim binary, so the spool
> file has 660 mode and user:exim ownership. exim can manage this file.
> 2. Exim receives email via smtp, so the spool file has 660 mode and exim:exim
> ownership. exim can manage this file.
> 3. For example: Exim is a member of the clamav group and puts files into the
> scan directory with mode 640 and exim:clamav ownership.

User-support questions belong on the exim-users list, please.

You should probably try to read section 52, "SECURITY CONSIDERATIONS",
of The Exim Specification.  This was provided with Exim, as "spec.txt",
or can be found on www.exim.org.

In particular (with thanks to Google Translate):
 52.1 Building a more "hardened" Exim
 52,1 Строительство более "закаленные" Exim

 52.2 Root privilege
 52,2 корневой привилегий

 52.3 Running Exim without privilege
 52,3 Запуск Exim без привилегий

Regards,
-Phil

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details 
at http://www.exim.org/ ##
