Bug 30561 - exim and group mail
Status: CLOSED WONTFIX
Product: Red Hat Powertools
Classification: Retired
Component: exim
Version: 7.0
Hardware: i386
OS: Linux
medium
medium
Assignee: Tim Waugh
Reported: 2001-03-04 17:30 UTC by Need Real Name
Modified: 2008-05-01 15:37 UTC (History)
Doc Type: Bug Fix
Last Closed: 2003-03-26 14:23:49 UTC

Description Need Real Name 2001-03-04 17:30:31 UTC
Hi, Tim.
Returning to our previous discussion:
It probably makes sense to run exim
as exim.exim, not as mail.mail.

/usr/src/redhat/SOURCES/Local-Makefile.patch
+EXIM_UID=8
+EXIM_GID=12
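
Review bot: `+EXIM_UID=8` and `+EXIM_GID=12` are bare numeric ids with no comment naming the account and group they stand for, so a reader of the patch cannot tell that exim ends up sharing an identity with other mail programs. Add a comment beside each value naming the user and group, and if a dedicated exim.exim pair is allocated, change both lines together with the ownership of /var/log/exim and /var/spool/exim.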

There are plenty of setuid programs which have mail user and/or group:
/usr/bin/procmail
/usr/bin/lockfile
/bin/mail

and probably various other mail related programs.
If there is a bug in any of them then they can read
the memory of the exim process and thus do anything to it.

How hard (from an organizational perspective)
is it to get a new UID.GID exim.exim
in the Red Hat distribution,
as was suggested by exim author Phil Hazel?
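
The shared-identity concern raised in this description can be checked on a host by listing every program whose setuid or setgid bit makes it run with the uid or gid the daemon uses. The script below is an added example, not part of the original report or of the exim package; the function names are made up for illustration, and the ids 8 and 12 in the usage comment are the ones from the Local-Makefile.patch excerpt.

```shell
#!/bin/sh
# Added example: audit for programs that share a daemon's uid/gid through
# their setuid/setgid bits. Function names are hypothetical.
#
# Usage: sh audit.sh 8 12 /bin /usr/bin /usr/sbin

# shared_identity_programs UID GID DIR...
# Prints, sorted, every regular file under DIR... that is either
#   - setuid (mode bit 4000) and owned by UID, or
#   - setgid (mode bit 2000) and group-owned by GID.
# Either combination means the program executes with an id that the daemon
# also runs under, which is the overlap a dedicated uid/gid removes.
shared_identity_programs() {
    uid=$1
    gid=$2
    shift 2
    # -user/-group accept numeric ids; errors from unreadable
    # directories are discarded so the listing stays clean.
    find "$@" -xdev -type f \
        \( \( -perm -4000 -user "$uid" \) -o \
           \( -perm -2000 -group "$gid" \) \) \
        -print 2>/dev/null | sort
}

# shared_identity_count UID GID DIR...
# Number of programs found by shared_identity_programs; 0 is the goal for
# a daemon that has its own uid and gid.
shared_identity_count() {
    shared_identity_programs "$@" | wc -l | tr -d ' '
}

# Run the audit only when ids and at least one directory are given.
if [ "$#" -ge 3 ]; then
    shared_identity_programs "$@"
fi
```

A non-empty listing for the daemon's ids is the set of programs to review before deciding whether the daemon needs its own account.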

Comment 1 Need Real Name 2001-03-04 17:58:43 UTC
In addition:
changing uid.gid to exim.exim may require a change in permissions
of the following directories:

/var/log/exim
/var/spool/exim
/var/spool/exim/*

Comment 2 Need Real Name 2001-03-04 18:03:55 UTC
Another issue:
looking at exim.spec I see:

%defattr(-,root,mail)
%config(noreplace) /etc/exim.conf
%config(noreplace) /etc/aliases

Why is the owner of the config files root.mail
and not root.root?

Comment 3 Tim Waugh 2001-03-04 22:22:39 UTC
Yes. (exim-3.22-10 fixes up the permissions on /var/spool/exim to mail.mail
already, which it wasn't doing before.)

Next time around I'll see about creating exim.exim, but for this release I think
it might be too late.

Comment 4 Tim Waugh 2003-03-26 14:23:49 UTC
We no longer ship exim.

