This is the mail archive of the
mailing list for the Cygwin project.
Re: Exim permissions
- From: Greg Matheson <lang at ms dot chinmin dot edu dot tw>
- To: cygwin at cygwin dot com
- Date: Sun, 1 Sep 2002 16:33:00 +0800
- Subject: Re: Exim permissions
- References: <20020830182247.B21574@ms>
Basically this is the same email as before about trying to get
exim working with some references from exim documentation thrown
Here is section 47.1 from the exim manual about permissions exim runs under.
The Exim binary is normally setuid to root, which means that it gains
root privilege (runs as root) when it starts execution. In some special
cases (for example, when the daemon is not in use and there are no
local deliveries), it may be possible to run Exim setuid to some user
other than root. ...
It is not necessary to be root to do any of the other things Exim does,
such as receiving messages and delivering them externally over SMTP,
and it is obviously more secure if Exim does not run as root except
when necessary. For this reason, a user and group for Exim to use must
be defined in Local/Makefile. These are known as ．the Exim user ・ and
．the Exim group・. Their values can be changed by the run time
configuration, though this is not recommended. Often a user called exim
is used, but some sites use mail or another user name altogether.
So if this hasn't been changed in configure, exim_user and
exim_group are Everyone (uid=0). This is what was specified in
Pierre Humblet's build, according to exim -bP.
Exim uses setuid() whenever it gives up root privilege. This is a
permanent abdication; the process cannot regain root afterwards.
If the process is not a daemon process or a queue runner process or a
delivery process or a process for testing address routing (started
with -bt), the uid and gid are changed to the Exim user and group. This
means that Exim always runs under its own uid and gid when receiving
For a daemon, queue-runner, delivery, or address testing process, the
uid remains as root at this stage, but the gid is changed to the Exim
So whatever the uid is at the point where exim is creating
directories in the spool for receiving messages, I think that,
other than for log, it is creating them under Everyone group,
because this is the gid it is running under.
Everyone is uid=0, gid=0.
This may be the reason for this error message:
2002-09-01 06:20:14 H1PC6P-00021O-00 unable to set gid=0 or uid=0
(euid=500): remote delivery to email@example.com with
transport=remote_smtp 2002-09-01 06:20:14 H1PC6P-00021O-00 ==
firstname.lastname@example.org R=dnslookup T=remote_smtp defer (-1): smtp
transport process returned non-zero status 0x0100: exit code 1
uid=500 is Administrator. But wait, Is exim trying to become
Everyone here, or root, to deliver the mail? The exim binary is
not setuid to root, so exim must be running without root
privileges, having been called by a non-privileged user. Or have
I completely misunderstood here?
I thought Administrator=root, and cygwin took care of these
issues. On the other hand, ...
I wonder if my problem is I don't have a user root, as in
Back to permissions, in 4.4 of the exim manual,
There are three settings that you must supply, because Exim will not
build without them. They are the location of the run time configuration
file (CONFIGURE_FILE), the directory in which Exim binaries will be
installed (BIN_DIRECTORY), and the identity of the Exim user (EXIM_USER
and maybe EXIM_GROUP as well).
There are a few other parameters that can be specified either at build
time or at run time to enable the same binary to be used on a number of
different machines. However, if the locations of Exim・s spool
directory and log file directory (if not within the spool directory)
are fixed, it is recommended that you specify them in Local/Makefile
instead of at run time, so that errors detected early in Exim・s
execution (such as a malformed configuration file) can be logged.
This second paragraph suggests Exim's log files are created as
quickly as possible, even before the setgid to exim_group. This
assumption is consistent with the group permission of None for
/usr/local/exim/spool/log, different than the Everyone group
permission for /usr/local/exim/spool/input.
$ ls -al spool
drwxr-xr-x 6 Administ None 0 Aug 31 17:50 .
drwxr-xr-x 3 Administ None 4096 Aug 31 12:38 ..
drwxr-x--- 2 Administ Everyone 4096 Aug 30 16:54 db
drwxr-x--- 2 Administ Everyone 12288 Sep 1 10:35 input
drwxr-xr-x 2 Administ None 0 Aug 30 17:22 log
drwxr-x--- 2 Administ Everyone 0 Aug 31 17:56 msglog
But the FAQ Q0044 says that the spool directory and all
subdirectories should be 750. And the owner and group should be
the exim_user (and exim_group).
The group permission of the spool and exim directories are both None.
The owner is Administrator.
The executable is:
$ ls -al exim
lrwxrwxrwx 1 Administ None 110 Aug 30 14:33 exim -> exim-4.10-3.exe
$ ls -al exim-4.10-3.exe
-rwxr-xr-x 1 Administ None 473088 Jul 25 12:08 exim-4.10-3.exe
Note no suid bit set. Is this the way it should be?
On ownership of the spool, 4.14 says:
When it starts up, Exim tries to create its spool directory if it
does not exist. The Exim uid and gid are used for the owner and group
of the spool directory. Sub-directories are automatically created in
the spool directory as necessary.
Now, when exim accepts a message, it puts it in a queue in spool/input.
$ ls -al input
ls: input/H1P6KR-0001XG-00-H: No such file or directory
drwxr-x--- 2 Administ Everyone 12288 Sep 1 10:35 .
drwxr-xr-x 6 Administ None 0 Aug 31 17:50 ..
-rw------- 1 Everyone Everyone 34 Aug 31 17:40 H1PC6P-00021O-00-D
-rw------- 1 Everyone Everyone 839 Sep 1 10:20 H1PC6P-00021O-00-H
-rw------- 1 Everyone Everyone 0 Aug 31 17:50 H1PC6P-00021O-00-J
-rw-r--r-- 1 Administ SYSTEM 63 Aug 31 17:56 H1PCY3-000210-00-D
-rw------- 1 Everyone Everyone 1036 Sep 1 10:35 H1PCY3-000210-00-H
-rw------- 1 Everyone Everyone 0 Aug 31 17:56 H1PCY3-000210-00-J
The error message indicates I have damaged my file system by
deleting files by hand ;-)
The problem is these ownership and permissions are allowing exim
to receive mail from the Administrator address, but not from a
non-privileged address from the command line or from mutt. The
error message is:
2002-09-01 11:14:31 H1QP07-0002D4-00 Failed to create spool file
/usr/local/exim/spool/input//H1QP07-0002D4-00-D: Permission denied
Before I think I tried something (different permissions?
exim_user=exim?). Now I have to think of my best plan of action.
Create root user? Set exim_user in configure. Run the daemon
under the exim account, even though Pierre Humblet's
CYGWIN.README suggests there is no compelling reason to? Or
change the permissions on the spool subdirectories by hand?
I don't know but I think I'm going to try creating a root user as
in the User Guide.
I've tried all the other alternatives, and although exim was
receiving and delivering mail from non-privileged accounts,
permission was still being denied in some cases.
Greg Matheson Where do I have to be to get to
Chinmin College where I want to be?
Taiwan Penpals Archive <URL: http://netcity.hinet.net/kurage>
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html