Exim permissions

Greg Matheson lang@ms.chinmin.edu.tw
Sun Sep 1 01:29:00 GMT 2002


Basically this is the same email as before about trying to get
exim working with some references from exim documentation thrown
in ;-)

Here is section 47.1 from the exim manual about permissions exim runs under.

	The Exim binary is normally setuid to root, which means that it gains
	root privilege (runs as root) when it starts execution. In some special
	cases (for example, when the daemon is not in use and there are no
	local deliveries), it may be possible to run Exim setuid to some user
	other than root. ... 

	It is not necessary to be root to do any of the other things Exim does,
	such as receiving messages and delivering them externally over SMTP,
	and it is obviously more secure if Exim does not run as root except
	when necessary. For this reason, a user and group for Exim to use must
	be defined in Local/Makefile. These are known as 'the Exim user' and
	'the Exim group'.  Their values can be changed by the run time
	configuration, though this is not recommended. Often a user called exim
	is used, but some sites use mail or another user name altogether.

So if this hasn't been changed in configure, exim_user and
exim_group are Everyone (uid=0). This is what was specified in
Pierre Humblet's build, according to exim -bP.

	Exim uses setuid() whenever it gives up root privilege. This is a
	permanent abdication; the process cannot regain root afterwards. 

	...

	If the process is not a daemon process or a queue runner process or a
	delivery process or a process for testing address routing (started
	with -bt), the uid and gid are changed to the Exim user and group. This
	means that Exim always runs under its own uid and gid when receiving
	messages....  

	For a daemon, queue-runner, delivery, or address testing process, the
	uid remains as root at this stage, but the gid is changed to the Exim
	group.

So whatever the uid is at the point where exim is creating
directories in the spool for receiving messages, I think that,
other than for log, it is creating them under Everyone group,
because this is the gid it is running under.

Everyone is uid=0, gid=0.

This may be the reason for this error message:

2002-09-01 06:20:14 H1PC6P-00021O-00 unable to set gid=0 or uid=0 (euid=500): remote delivery to lang@ms.chinmin.edu.tw with transport=remote_smtp
2002-09-01 06:20:14 H1PC6P-00021O-00 == lang@ms.chinmin.edu.tw R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100: exit code 1

uid=500 is Administrator. But wait, is exim trying to become
Everyone here, or root, to deliver the mail? The exim binary is
not setuid to root, so exim must be running without root
privileges, having been called by a non-privileged user. Or have
I completely misunderstood here?

I thought Administrator=root, and cygwin took care of these
issues. On the other hand, ... 

I wonder if my problem is I don't have a user root, as in 
C:\cygwin\usr\doc\cygwin-doc-1.1\html\cygwin-ug-net\ntsec.html

Back to permissions, in 4.4 of the exim manual,

	There are three settings that you must supply, because Exim will not
	build without them. They are the location of the run time configuration
	file (CONFIGURE_FILE), the directory in which Exim binaries will be
	installed (BIN_DIRECTORY), and the identity of the Exim user (EXIM_USER
	and maybe EXIM_GROUP as well).
 
	There are a few other parameters that can be specified either at build
	time or at run time to enable the same binary to be used on a number of
	different machines. However, if the locations of Exim's spool
	directory and log file directory (if not within the spool directory)
	are fixed, it is recommended that you specify them in Local/Makefile
	instead of at run time, so that errors detected early in Exim's
	execution (such as a malformed configuration file) can be logged.

This second paragraph suggests Exim's log files are created as
quickly as possible, even before the setgid to exim_group. This
assumption is consistent with the group permission of None for
/usr/local/exim/spool/log, different than the Everyone group
permission for /usr/local/exim/spool/input.

Administrator@AFLD-SERVER /usr/local/exim
$ ls -al spool
total 20
drwxr-xr-x    6 Administ None            0 Aug 31 17:50 .
drwxr-xr-x    3 Administ None         4096 Aug 31 12:38 ..
drwxr-x---    2 Administ Everyone     4096 Aug 30 16:54 db
drwxr-x---    2 Administ Everyone    12288 Sep  1 10:35 input
drwxr-xr-x    2 Administ None            0 Aug 30 17:22 log
drwxr-x---    2 Administ Everyone        0 Aug 31 17:56 msglog

But the FAQ Q0044 says that the spool directory and all
subdirectories should be 750. And the owner and group should be
the exim_user (and exim_group).

The group permission of the spool and exim directories are both None.
The owner is Administrator.

The executable is:
Administrator@AFLD-SERVER /usr/local/bin
$ ls -al exim
lrwxrwxrwx    1 Administ None          110 Aug 30 14:33 exim -> exim-4.10-3.exe
$ ls -al exim-4.10-3.exe 
-rwxr-xr-x    1 Administ None       473088 Jul 25 12:08 exim-4.10-3.exe

Note no suid bit set. Is this the way it should be?

On ownership of the spool, 4.14 says: 
	When it starts up, Exim tries to create its spool directory if it
	does not exist. The Exim uid and gid are used for the owner and group
	of the spool directory. Sub-directories are automatically created in
	the spool directory as necessary.

Now, when exim accepts a message, it puts it in a queue in spool/input. 

Administrator@AFLD-SERVER /usr/local/exim/spool
$ ls -al input
ls: input/H1P6KR-0001XG-00-H: No such file or directory
total 17
drwxr-x---    2 Administ Everyone    12288 Sep  1 10:35 .
drwxr-xr-x    6 Administ None            0 Aug 31 17:50 ..
-rw-------    1 Everyone Everyone       34 Aug 31 17:40 H1PC6P-00021O-00-D
-rw-------    1 Everyone Everyone      839 Sep  1 10:20 H1PC6P-00021O-00-H
-rw-------    1 Everyone Everyone        0 Aug 31 17:50 H1PC6P-00021O-00-J
-rw-r--r--    1 Administ SYSTEM         63 Aug 31 17:56 H1PCY3-000210-00-D
-rw-------    1 Everyone Everyone     1036 Sep  1 10:35 H1PCY3-000210-00-H
-rw-------    1 Everyone Everyone        0 Aug 31 17:56 H1PCY3-000210-00-J

The error message indicates I have damaged my file system by
deleting files by hand ;-)

The problem is these ownership and permissions are allowing exim
to receive mail from the Administrator address, but not from a
non-privileged address from the command line or from mutt. The
error message is:

2002-09-01 11:14:31 H1QP07-0002D4-00 Failed to create spool file
/usr/local/exim/spool/input//H1QP07-0002D4-00-D: Permission denied

Before I think I tried something (different permissions?
exim_user=exim?). Now I have to think of my best plan of action.
Create root user? Set exim_user in configure. Run the daemon
under the exim account, even though Pierre Humblet's
CYGWIN.README suggests there is no compelling reason to? Or
change the permissions on the spool subdirectories by hand?

I don't know but I think I'm going to try creating a root user as
in the User Guide.

I've tried all the other alternatives, and although exim was
receiving and delivering mail from non-privileged accounts,
permission was still being denied in some cases.

-- 
Greg Matheson                Where do I have to be to get to
Chinmin College              where I want to be?
                                 
Taiwan Penpals Archive <URL: http://netcity.hinet.net/kurage>
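
The checks done by hand with ls in the message above, written as a script; this is an added example and not part of the original post or of Exim. It tests the spool tree against the expectation quoted from FAQ Q0044 (mode 750, owned by the Exim user and group) and reports whether the binary is setuid root as section 47.1 describes. The function names are hypothetical, and GNU stat (coreutils, as on Cygwin and Linux) is assumed.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes GNU stat and
# directory names without embedded newlines.

# audit_spool SPOOL_DIR EXIM_USER EXIM_GROUP   (hypothetical helper name)
# Checks the spool directory and every subdirectory for mode 750 and for
# ownership by the Exim user and group. Prints one line per deviation and
# returns 1 if there is any, 0 if the tree is clean.
audit_spool() {
    spool=$1; want_user=$2; want_group=$3
    findings=$(
        find "$spool" -type d -exec stat -c '%a|%U|%G|%n' {} + |
        while IFS='|' read -r mode owner group path; do
            [ "$mode" = 750 ] || echo "MODE  $path: $mode (want 750)"
            [ "$owner" = "$want_user" ] || echo "OWNER $path: $owner (want $want_user)"
            [ "$group" = "$want_group" ] || echo "GROUP $path: $group (want $want_group)"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# is_setuid_root BINARY   (hypothetical helper name)
# True only if the file has the setuid bit and is owned by uid 0.
# -L follows a symlink such as exim -> exim-4.10-3.exe to the real file.
is_setuid_root() {
    [ -u "$1" ] && [ "$(stat -L -c '%u' "$1")" = 0 ]
}

# Usage: sh audit.sh /usr/local/exim/spool exim exim /usr/local/bin/exim
if [ "$#" -eq 4 ]; then
    audit_spool "$1" "$2" "$3" || echo "spool tree deviates from FAQ Q0044"
    is_setuid_root "$4" || echo "$4 is not setuid root"
fi
```

Run against the listing in the message, this would flag the log directory's 755 mode and every directory whose owner or group is not the configured Exim user and group.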
