On Sat, Jun 17, 2006 at 09:59:32PM +0200, Magnus Holmgren wrote: > > It seems it needs a bit more than access to the files: > > > > 2006-06-17 21:33:04 unable to set gid=1001 or uid=1001 (euid=102): > > userforward router (recipient is [EMAIL PROTECTED]) > > > > The ~/.forward files are world-readable, so why does it attempt > > setgid/setuid? Can we still avoid running exim as root? > > Yeees, I forgot that. Exim always tries to setuid/setgid to the user and > group > given by those options or check_local_user, for security reasons I think. You > could add a verify_only router, but then you can't use $home.
I don't understand. How can failure to drop privileges be a critical error? When it runs as root, this never happens. When it runs as user, it isn't necessary (although access could be denied if user is not the same). Perhaps this error message is just hiding the real problem, which is something else? -- Robert Millan -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
