On Saturday 17 June 2006 21:45, Robert Millan took the opportunity to write: > On Sat, Jun 17, 2006 at 08:32:42PM +0200, Magnus Holmgren wrote: > > ~/.forward is normally not evaluated before the actual delivery; in the > > default configuration no_verify is set on the userforward router because > > Exim runs as its own user when processing the ACLs and therefore can't > > count on having access to individual users' files. You can change that of > > course. > > It seems it needs a bit more than access to the files: > > 2006-06-17 21:33:04 unable to set gid=1001 or uid=1001 (euid=102): > userforward router (recipient is [EMAIL PROTECTED]) > > The ~/.forward files are world-readable, so why does it attempt > setgid/setuid? Can we still avoid running exim as root?
Yeees, I forgot that. Exim always tries to setuid/setgid to the user and group
given by those options or check_local_user, for security reasons I think. You
could add a verify_only router, but then you can't use $home.
--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
pgpM3TK6mEPt4.pgp
Description: PGP signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
