|
List Info
Thread: Re: Re: What should be the EFFECTIVE_USER and it's privileges ?
|
|
| Re: Re: What should be the
EFFECTIVE_USER and it's privileges ? |
 
Sri Lanka |
2007-05-29 04:02:46 |
|
Dear Aaron,
Exim does not provide a separate sendmail binary which is capable of
setuid. But exim binary it self is setuid capable. I have no idea how
to adapt it to this as a solution (and it is more like an Exim question
now).
Further, I have seen while googling that in some instances, users have
created a symlink /usr/sbin/sendmail, linking exim binary. :-
The chapter
http://www.exim.org/exim-html-current/doc/html/spec_html/ch52.html
extensively discusses setuid amongst other security hardening concerns.
Yet I could make nothing out of it for this situation.
Thanks and regards,
Lasantha.
localhost" type="cite">
Perhaps there's a setuid root binary at /usr/bin/sendmail
or /usr/lib/sendmail that belongs to exim?
On Tue, 2007-05-29 at 11:57 +0530, Lasantha Marian wrote:
Dear Aaron,
I have tried several options.
On your lead, tried using Exim's trusted_users and trusted_groups to
include dbmail/dbmail as user and group combination. Then DBMail
started reporting an error in dbmail.err log indicating the following,
giving the old result of not delivering the messages.
2007-05-29 10:10:40 Failed to create spool
file /var/spool/Exim/outgoing/input/1HstVg-0001wn-5P-D: Permission
denied
This does not look like an error generated by DBMail, possibly
generated by Exim but logged by DBMail.
Then I've changed to "EFFECTIVE_GROUP = exim" while having
"EFFECTIVE_USER = dbmail", still reported the same error. Then I've
changed the group privileges of the spool directories as chmod g
+rws /var/spool/Exim/outgoing/{input,msglog}, which made the
deliveries to dbmail-lmtpd successful. 
I am yet not fully satisfied, there are other Exim compilation options
(EXIMDB_DIRECTORY_MODE, EXIMDB_MODE, INPUT_DIRECTORY_MODE,
SPOOL_DIRECTORY_MODE, SPOOL_MODE) which I should try. Though I do not
plan immediately, when I try these options, will keep you updated.
However, for the time being, I will be using exim/exim user and group
combination.
Thanks for all the help offered.
Kind regards,
Lasantha.
-------- Original Message --------
Subject:
[Dbmail] Re: What should be the
EFFECTIVE_USER and it's
privileges ?
Date:
Tue, 29/May/2007 8:31:44 AM +0550
From:
Lasantha Marian gmail.com"><x72m35 gmail.com>
To:
DBMail mailinglist
dbmail.org"><dbmaildbmail.org>
Dear Aaron,
Yes I do agree with you on separate users for Exim and DBMail. I
will work on it and come back to you.
Lasantha.
-------- Original Message --------
Subject:
[Dbmail] Re: What should be the
EFFECTIVE_USER and it's
privileges ?
Date:
Mon, 28/May/2007 9:47:46 PM +0550
From:
Aaron Stone serendipity.cx"><aaronserendipity.cx>
To:
DBMail mailinglist
dbmail.org"><dbmaildbmail.org>
On Mon, 2007-05-28 at 16:58 +0530, Lasantha Marian wrote:
/usr/local/Exim/bin/exim -C /usr/local/Exim/etc/exim-queue.conf
I thought about this some more, and I don't think this is correct.
Doesn't exim have a sendmail emulator? This chapter looks relevant:
http://exim.org/exim-html-current/doc/html/spec_html/ch05.html
If you don't mind playing with your configuration a little bit more, I
think it will be preferable to have DBMail and Exim running as separate
users.
Aaron
_______________________________________________
DBmail mailing list
dbmail.org">DBmaildbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
_______________________________________________
DBmail mailing list
dbmail.org">DBmaildbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
_______________________________________________
DBmail mailing list
dbmail.org">DBmaildbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
|
[1]
|
|
|
about | contact Other archives ( Real Estate discussion Medical topics )
|
gmail.com&
dbmail.org