https://bugs.exim.org/show_bug.cgi?id=2276
Phil Pennock <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #5 from Phil Pennock <[email protected]> ---

Logs: if you change the permissions and build-time and use ACLs so that root has permission to write, then there is no FS permission override, and no issue.

Spool: the default permission for files in the spool is set as SPOOL_MODE=0640. They're writable by group Exim.

Solution 1: put user root into group Exim. Easy, fixed, done.

Solution 2: use ACLs again to give root permission to read anything created in the spool input directory. More fragile, as that's a directory which Exim will happily auto-create when missing.

Solution 3: disable the DAC enforcement.

Honestly, I'd use solution 1 for the spool, and once you have that the only thing needed is to compile with LOG_MODE=0660 instead of the default 0640.

I'd forgotten about read access to -D for delivery as non-root. I'm much less bothered by Exim choosing to open a file in read-only mode as root than I am when Exim is opening a file to _write_ as root.

Closing this as wontfix because there is a sane solution available for use on such systems, using traditional group membership and permissions, and Exim is not misbehaving.
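The following is an added example, not part of the bug comment or of Exim: a small model of the owner/group/other check a root process is subject to once the permission override is gone, applied to the SPOOL_MODE and LOG_MODE values mentioned above. The uid/gid numbers, the assumption that files are owned by an Exim user and group, and the function names are constructed for illustration.

```python
import stat

# Constructed sample identities (assumption: files are owned exim:exim).
ROOT_UID, EXIM_UID, EXIM_GID = 0, 93, 93


def dac_allows(mode, owner_uid, owner_gid, uid, groups, want):
    """Classic Unix permission check with no capability override.

    Exactly one bit class applies: owner, else group, else other.
    `want` is a string containing 'r', 'w' or both.
    """
    if uid == owner_uid:
        r_bit, w_bit = stat.S_IRUSR, stat.S_IWUSR
    elif owner_gid in groups:
        r_bit, w_bit = stat.S_IRGRP, stat.S_IWGRP
    else:
        r_bit, w_bit = stat.S_IROTH, stat.S_IWOTH
    needed = (r_bit if "r" in want else 0) | (w_bit if "w" in want else 0)
    return mode & needed == needed


def root_access(root_groups, spool_mode=0o640, log_mode=0o640):
    """What root can do when it is treated like any other uid."""
    return {
        "spool_read": dac_allows(spool_mode, EXIM_UID, EXIM_GID,
                                 ROOT_UID, root_groups, "r"),
        "log_write": dac_allows(log_mode, EXIM_UID, EXIM_GID,
                                ROOT_UID, root_groups, "w"),
    }


if __name__ == "__main__":
    cases = [
        ("root outside the Exim group, default modes", {0}, 0o640),
        ("root in the Exim group, LOG_MODE=0640", {0, EXIM_GID}, 0o640),
        ("root in the Exim group, LOG_MODE=0660", {0, EXIM_GID}, 0o660),
    ]
    for label, groups, log_mode in cases:
        print(label, root_access(groups, log_mode=log_mode))
```

Only the last case gives root both spool read and log write, which matches the combination of group membership and LOG_MODE=0660 described in the comment.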
