Ednardo Lobo <[email protected]> (Fr 26 Aug 2016 01:33:21 CEST):
> >So the exim user has write access …, the directories are sgid <group>.
> >So, any file created in this directory should be owned by the creator
> >and the group <group>.
>
> Correct, just as I imagined. In other words, the file uid must be equal to
> the uid of the creator process and the gid equal to the gid of the parent
> directory, because of its setgid bit.
>
> >If Exim doesn't run as a privileged user, Exim can't create files owned
> >by anybody else than the exim user and the group owning the directory.
> >
> >So, I'd expect it to just work. Can you show us the permissions of files
> >in new/, right after Exim created it?
>
> drwxrws--- 5 exim 65536 4096 Ago 23 22:06 .
> drwxrwx--- 3 exim root  4096 Ago 23 18:12 ..
> drwxrws--- 2 exim 65536 4096 Ago 23 18:13 cur
> drwxrws--- 2 exim 65536 4096 Ago 25 20:04 new
> drwxrws--- 2 exim 65536 4096 Ago 25 20:04 tmp
>
> -rw-rw---- 1 exim exim 777 Ago 25 19:47 1472165275.H150650P22153.gnu
> -rw-rw---- 1 exim exim 780 Ago 25 20:04 1472166260.H478116P22558.gnu
>
> I expected:

… as I would expect too.

> -rw-rw---- 1 exim 65536 777 Ago 25 19:47 1472165275.H150650P22153.gnu
> -rw-rw---- 1 exim 65536 780 Ago 25 20:04 1472166260.H478116P22558.gnu

And you said, Exim runs without the suid privilege?

According to a short glance into appendfile.c it seems that Exim calls
chown(2) on the newly created file. Maybe the generic transport option
group = nogroup (or whatever group name 65536 relates to) helps. It doesn't
avoid the chown, but it should chown the group to the group the file already
has. The group option is expandable, so you might need some string expansion
to get the group name right, in case it's dynamic.

Should we consider avoiding chown() under certain conditions?

--
Heiko
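As an added illustration (not from the thread and not Exim's own code), a small Python audit for the symptom discussed above: entries inside a setgid Maildir directory whose group no longer matches the directory's group. The first function runs over the `ls -l` output quoted in the thread, embedded as constructed sample input; the second applies the same check to a real directory tree via os.lstat. All function names are mine.

```python
import os
import stat
import tempfile

# Constructed sample input: the `ls -l` output quoted in the thread. The
# Maildir directories are setgid with group 65536, yet the two files Exim
# delivered into new/ carry group "exim".
SAMPLE_LISTING = """\
drwxrws--- 5 exim 65536 4096 Ago 23 22:06 .
drwxrws--- 2 exim 65536 4096 Ago 25 20:04 new
-rw-rw---- 1 exim exim 777 Ago 25 19:47 1472165275.H150650P22153.gnu
-rw-rw---- 1 exim exim 780 Ago 25 20:04 1472166260.H478116P22558.gnu
"""

def group_mismatches_in_listing(listing):
    """Names of plain files whose group differs from that of the setgid
    directory '.' in an `ls -l` style listing (9 fields per row)."""
    rows = [ln.split(None, 8) for ln in listing.splitlines() if ln.strip()]
    dot = next(r for r in rows if r[8] == ".")
    if dot[0][6] not in "sS":            # 's'/'S' in the group-x slot = setgid
        return []                        # no gid inheritance expected without it
    return [r[8] for r in rows if r[0].startswith("-") and r[3] != dot[3]]

def audit_setgid_tree(path):
    """Walk `path`; inside every setgid directory, report entries whose gid
    differs from the directory gid (what Exim's chown(2) leaves behind when
    the transport `group` does not match). Returns (entry, gid, expected)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(path):
        dst = os.lstat(dirpath)
        if not dst.st_mode & stat.S_ISGID:
            continue
        for name in dirnames + filenames:
            child = os.path.join(dirpath, name)
            cgid = os.lstat(child).st_gid
            if cgid != dst.st_gid:
                findings.append((child, cgid, dst.st_gid))
    return findings

def demo_audit_on_tempdir():
    """Build a throwaway setgid 'new/' directory, drop a file in it and audit
    it; with no privilege changes the file inherits the gid, so expect []."""
    with tempfile.TemporaryDirectory() as root:
        new = os.path.join(root, "new")
        os.mkdir(new)
        os.chmod(new, stat.S_IRWXU | stat.S_IRWXG | stat.S_ISGID)
        with open(os.path.join(new, "1.msg"), "w") as fh:
            fh.write("constructed message\n")
        return audit_setgid_tree(root)
```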
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
