Markus Bergholz wrote:
>> What's the ownership of the socket? Can the user exim is running as
>> read/write it?
>>
>
> hm, ls -l said only root is allowed:
> srw-rw---- 1 root root
>
> but i'm little confused...i've got no user exim? how to do that exim is allow
> to read/write?
>
> greetings
> markus

'Depends on the Situation'...

Your exim 'parent' process would ordinarily be invoked by/as root else cannot take control of port 25 (587, et al).

But it should then drop privileges and most specifically run each of the 'child' processes as a lesser-privileged user, e.g. 'mail', 'exim', 'eximd' .. whatever you built it to utilize or configured it to utilize.

Thereafter, what works for us is 'group' rights, with all of the players that have to do with mail-related services (Exim, Dovecot, SA, ClamAV, perhaps a DBMS...etc.) each with their own UID, but in the same group set aside for those players that must pass mail-related stuff between and among themselves.

The Unixen in general have legacy default UID:GID for those, such as 'mail' and 'mailnull'. We use our own bespoke ones to ensure nothing else will touch them [1].

CAVEAT: Group rights may get tricky if you have either/both Exim/Dovecot take on the logged-in user's (E)UID:(E)GID to r/w message files to/from IMAP/POP. You'll need a consistent approach here.

HTH,

Bill

[1] cron jobs that expect legacy sendmail and legacy log ownership
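
The group-rights approach described in the reply above, as an added example that is not part of the original thread: a check of whether an unprivileged account can read/write a socket under the owner/group/other mode bits, before and after the socket is given to a shared mail-services group. The UID/GID numbers and the shared group are assumptions made up for the illustration.

```python
import os
import pwd
import stat
import sys


def socket_access(mode, owner_uid, owner_gid, uid, gids):
    """Return (can_read, can_write) for a process with the given uid and
    group ids, using the classic owner/group/other check (no ACLs)."""
    if uid == 0:                      # root bypasses the mode bits
        return True, True
    if uid == owner_uid:              # owner class wins, even if stricter
        r, w = stat.S_IRUSR, stat.S_IWUSR
    elif owner_gid in gids:           # primary or supplementary group
        r, w = stat.S_IRGRP, stat.S_IWGRP
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH
    return bool(mode & r), bool(mode & w)


def check_path(path, username):
    """Stat a real socket and evaluate it for a real account."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    return socket_access(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids)


# Constructed sample values (hypothetical ids, not from the thread):
SOCK_MODE = stat.S_IFSOCK | 0o660     # srw-rw----, as in the ls -l output
EXIM_UID, EXIM_GID = 93, 93           # assumed unprivileged Exim user
MAILSVC_GID = 2000                    # assumed shared mail-services group


def demo():
    before = socket_access(SOCK_MODE, 0, 0, EXIM_UID, {EXIM_GID})
    # Socket re-grouped to the shared group; Exim user is a member of it.
    after = socket_access(SOCK_MODE, 0, MAILSVC_GID, EXIM_UID,
                          {EXIM_GID, MAILSVC_GID})
    return before, after


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(check_path(sys.argv[1], sys.argv[2]))
    else:
        print(demo())
```

The check does not cover ACLs or the search permission needed on each parent directory of the socket.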
