Pkg exim4 users - May 2009 - What permissions is exim to have for your Maildir

Hi,

I''ve just been tweaking my setup to add a special delivery for a fixed
user into a non-standard Maildir location (rather than creating the
normal user in the system). Everything seems to be routing correctly
except when exim attempts to deliver my message it complains about
permissions.

The odd thing is my working normal Maildir has perfectly simple
rwx------ permissions and exim delivers into it fine. I was under the
impression that the exim delivery ran as root and shouldn''t have
problems putting things in my Mailbox.

Can anyone clarify what privileges the process that is writing into my
Maildir should have? If it''s not root then how come my other maildirs
work OK?


-- 
Alex, homepage: http://www.bennee.com/~alex/
CV: http://www.bennee.com/~alex/cv.php

Alex Bennee wrote:
> I''ve just been tweaking my setup to add a special delivery for a
fixed
> user into a non-standard Maildir location (rather than creating the
> normal user in the system). Everything seems to be routing correctly
> except when exim attempts to deliver my message it complains about
> permissions.
> 
> The odd thing is my working normal Maildir has perfectly simple
> rwx------ permissions and exim delivers into it fine. I was under the
> impression that the exim delivery ran as root and shouldn''t have
> problems putting things in my Mailbox.
> 
> Can anyone clarify what privileges the process that is writing into my
> Maildir should have? If it''s not root then how come my other
maildirs
> work OK?
The Exim delivery doesn''t run as root. It usually drops privileges to 
the appropriate user, before delivering the message. Show us your 
configuration, the log entry and the relevant directory path/ownership/perms

-- 
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)

2009/5/13 Mike Cardwell <exim-users at
lists.grepular.com>:
> Alex Bennee wrote:
>
>> I''ve just been tweaking my setup to add a special delivery for
a fixed
>> user into a non-standard Maildir location (rather than creating the
>> normal user in the system). Everything seems to be routing correctly
>> except when exim attempts to deliver my message it complains about
>> permissions.
<snip>
> The Exim delivery doesn''t run as root. It usually drops privileges
to the
> appropriate user, before delivering the message. Show us your
configuration,
> the log entry and the relevant directory path/ownership/perms
Ok, first the Maildir:
> pwd
/home/alex/Half-Llama
> ls -la Maildir/
total 20
drwx------ 5 alex alex 4096 May 12 19:49 .
drwxr-xr-x 4 alex alex 4096 May 12 19:49 ..
drwx------ 2 alex alex 4096 May 12 19:49 cur
drwx------ 2 alex alex 4096 May 12 19:49 new
drwx------ 2 alex alex 4096 May 12 19:49 tmp

The additional router/delivery:

### router/900_exim4-config_local_user
#################################

#
# Special maildrop for Half-Llama
#
llama_user:
  debug_print = "R: llama_user"
  driver = accept
  domains = +local_domains
  local_parts = llama
  require_files = /home/alex/Half-Llama/Maildir
  transport = maildir_llama

and

# This is a special deliver target for the "llama" User
#
# The llama user doesn''t exist except as a directory in my home dir
# where mail will get delivered.
#

maildir_llama:
  debug_print = "T: maildir_llama for $local_part@$domain"
  driver = appendfile
  directory = /home/alex/Half-Llama/Maildir
  delivery_date_add
  envelope_to_add
  return_path_add
  maildir_format
  .ifdef MAILDIR_HOME_DIRECTORY_MODE
  directory_mode = MAILDIR_HOME_DIRECTORY_MODE
  .else
  directory_mode = 0700
  .endif
  .ifdef MAILDIR_HOME_MODE
  mode = MAILDIR_HOME_MODE
  .else
  mode = 0600
  .endif
  mode_fail_narrower = false
  # This transport always chdirs to $home before trying to deliver. If
  # $home is not accessible, this chdir fails and prevents delivery.
  # If you are in a setup where home directories might not be
  # accessible, uncomment the current_directory line below.
  current_directory = /

Testing with exim -bt

/etc/exim4# exim -N -bt llama at mydomain.com
R: system_aliases for llama at mydomain.com
R: llama_user
llama at mydomain.com
    <-- llama at mydomain.com
  router = llama_user, transport = maildir_llama
/etc/exim4# exim -N -bt cheif_llama at mydomain.com
R: system_aliases for llama at mydomain.com
R: llama_user
llama at mydomain.com
    <-- llama at mydomain.com
    <-- cheif_llama at mydomain.com
  router = llama_user, transport = maildir_llama

And the log

2009-05-13 14:14:20 1M4DLo-0002Fd-SP == llama at mydomain.com
<cheif_llama at mydomain.com> R=llama_user T=maildir_llama defer (13):
Permission denied: cannot chdir to /home/alex/Half-Llama/Maildir

I have no idea what user it will attempt to be for the delivery in
this case. Can I tell it to do this delivery as a particular user? I
guess this is done by normal deliveries by the check_local_user
config?

-- 
Alex, homepage: http://www.bennee.com/~alex/
CV: http://www.bennee.com/~alex/cv.php

Answering myself:


2009/5/13 Alex Bennee <kernel-hacker at
bennee.com>:
> 2009/5/13 Mike Cardwell <exim-users at lists.grepular.com>:
>> Alex Bennee wrote:
> The additional router/delivery:
>
> ### router/900_exim4-config_local_user
> #################################
>
> #
> # Special maildrop for Half-Llama
> #
> llama_user:
> ?debug_print = "R: llama_user"
> ?driver = accept
> ?domains = +local_domains
> ?local_parts = llama
> ?require_files = /home/alex/Half-Llama/Maildir
> ?transport = maildir_llama
>
<snip>

Adding this fixed it:
  user = alex
> I have no idea what user it will attempt to be for the delivery in
> this case. Can I tell it to do this delivery as a particular user? I
> guess this is done by normal deliveries by the check_local_user
> config?
The docs mention exim warning if either check_local_user or user are
not set but the config update gave no warning.
-- 
Alex, homepage: http://www.bennee.com/~alex/
CV: http://www.bennee.com/~alex/cv.php