[afnog] exim cannot chdir to Maildir when with userdb

Brian Candler B.Candler at pobox.com
Sat Jul 15 11:07:22 EAT 2006 

On Sat, Jul 15, 2006 at 08:28:20AM +0100, Fisayo Adeleke wrote:
> courier:
> driver = accept
> transport = local_delivery_courier
> domains = lsearch;/usr/exim/virtualdoms
> condition = ${extract{HOME}{$address_data}{1}{0}}
...
> # Transport for courier
> local_delivery_courier:
> driver = appendfile
> directory =
> ${extract{HOME}{$address_data}}/${extract{MAILDIR}{$address_data}{$value}{Maildir}}/
> maildir_format
> maildir_use_size_file
> delivery_date_add
> envelope_to_add
> return_path_add
> #  user = exim
> #  group = exim
> maildir_tag = ,S=$message_size
> quota_size_regex = ,S=(\d+)
> quota = ${if match {${extract{QUOTA}{$address_data}}}{([0-9]+)S}{$1}{}}
> quota_filecount = ${if match
> {${extract{QUOTA}{$address_data}}}{([0-9]+)C}{$1}{}}
> quota_warn_threshold = 85%

Hmm. If you don't set 'user =' then the transport should run as the exim
user. Do you have

exim_user = <something>

in the top section of your config file? If so, what's <something> ? If you
don't, it should default to the EXIM_USER you specified in Local/Makefile
when building exim.

If you are running a virtual domain type of service, then I think it would
make sense to set

  user = exim
  group = exim

explicitly in the transport, just for safety. Or, you could let the
userdb-supplied values override this:

  user = ${extract {UID} {$address_data} {$value} {exim} }
  group = ${extract {GID} {$address_data} {$value} {exim} }

> > Is exim setuid root? (e.g. ls -l /usr/exim/bin/exim-4.xx). If so, it can
> > change to whatever uid it likes when delivering mail, so it's important that
> > your router and transport are correct.
> 
> [root at spider exim]# ls -l /usr/exim/bin/exim-4.62-5
> -rwsr-xr-x    1 root     normal        696646 Jul 27 10:50
> /usr/exim/bin/exim-4.62-5

OK, that's normal. It does mean that exim has permissions to create files
and directories as any user it likes. Generally, though, it tries to avoid
running transports as root, which is why I don't understand how your
filesystem got into this state.

Regards,

Brian.

More information about the afnog mailing list