On 2013-10-08 at 19:16 +0000, Viktor Dukhovni wrote: > On Tue, Oct 08, 2013 at 07:47:11PM +0200, Axel Rau wrote: > > > > Whose "~"? Why should that work? Is there a system-wide postgresql > > > configuration? > > > > It's the home of the client. In this case the exim user. > > Phil, is it reasonable to expect that in running Exim processes, > libraries searching for configuration files in user home directories > should expect to find either $HOME=~exim or getpwuid(getuid())->pw_dir=~exim?
In theory: yes I'd love that to be reasonable. In practice: no, and frankly this situation is the sort of moment when I put my head in my hands and wonder why I don't run Postfix instead, with clearly separate binaries for different roles instead of a configuration file where the "main" settings can be hard to reason about root-vs-exim. (Then I look at my setup, realise I couldn't reproduce with Postfix, and stick with Exim's flexibility :) ... but that doesn't keep this from being something that Exim is behind in). > MTAs are complex, and tend to run with different identities at > different times (e.g. when delivering mail to commands in .forward > files, ...) and I don't know whether it is reasonable to expect a constant > $HOME in a running Exim process. Since my expertise is with Postfix and > OpenSSL, not Exim, I'll leave that question to others. $HOME is set up for external commands, being in the list of manipulated environment variables, and is set according to whether or not a home directory has been defined in the evaluation context; most commonly, this will be check_local_user implicitly doing so. So we're dealing here with a getpwuid(getuid())->pw_dir situation. And this depends entirely upon what part of the configuration file the string expansion is in: it's the invoking user, at time of evaluation. As much as possible, that should be the "exim" user, but there are still some things evaluated as root. Checking the postgres source (it's a bad sign that I have a copy of their git repo laying around, right?) I see they're using geteuid(), so this isn't an effective/real conflict. Axel, which directive are you using the pgsql lookup in please? The pgsql_servers setting should just be storing the definitions away for later reference, and then the first pgsql lookup using that server definition should evaluate with the current runtime user. There should be ... very little where that is done as root. I'm concerned that it happened at all. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
