[exim] How to access pgsql client cert when running suid ?

Axel Rau via Exim-users Mon, 23 May 2022 12:44:59 -0700

exim worked well accessing its pgsql DB via client cert in its home.
After turning on setuid bit on exim binary, it could no longer access
the DB (error=‚valid client cert required‘)


This is FreeBSD 13.

From /etc/passwd:
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin

root@mx5:/ # ls -lR /var/spool/mqueue/
total 9
drwxr-xr-x  2 mailnull  daemon  6 May 23 18:59 .postgresql

/var/spool/mqueue/.postgresql:
total 10
-rw-r--r--  1 root      daemon  1643 May 23 18:59 erdb_op_client_cert.pem
-r--------  1 mailnull  wheel   1679 May 23 18:59 erdb_op_client_key.pem
lrwxr-xr-x  1 root      daemon    23 May 23 18:59 postgresql.crt -> 
erdb_op_client_cert.pem
lrwxr-xr-x  1 root      daemon    22 May 23 18:59 postgresql.key -> 
erdb_op_client_key.pem

Axel 
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] How to access pgsql client cert when running suid ?

Reply via email to