Frank Elsner <frank.els...@tu-berlin.de> (Wed Feb 9 13:15:20 2011): > On Wed, 9 Feb 2011 07:00:34 -0500 Phil Pennock wrote: > > [ ... ] > > > You didn't read README.UPDATING or the announcement for 4.73? > > Yes, maybe I misunderstand it :-( > > [ ... ] > > > See README.UPDATING for more. > > | * The Exim run-time user can no longer be root; this was always > | strongly discouraged, but is now prohibited both at build and > | run-time. If you need Exim to run routinely as root, you'll need to > | patch the source and accept the risk. Here be dragons. > > I have EXIM_USER=ref:exim in Local/Makefile. > User "exim" is uid 103 in /etc/passwd. > > But the binary is > > -rwsr-xr-x 1 root root 864428 Feb 9 11:27 exim-4.74 > Setuid to bind to port 25, I guess? Or should I remove it?
If started by root, it doesn't matter. Exim should change it's euid after binding to the port. How is your exim started? Using some -C oder -D option? As far as I understand, the suid bit is used to change the euid/egid to whatever for local transports. The config file is not owned by your exim user? If you add the "pid" logselector, you should see, that a new process is forked for delivery. I did a short test (using 4.74) MM_USER = 12 MM_GROUP = 12 ---- router mm: driver = accept domains = +vmail_domains local_parts = xxx transport = pipi ---- transport pipi: driver = pipe command = /bin/sh -c "/bin/cat >/tmp/xxx" current_directory = /tmp home_directory = /tmp log_fail_output user = MM_USER group = MM_GROUP And it worked. The file created is owned by uid/gid 12. -- Heiko
signature.asc
Description: Digital signature
-- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/