Mailing List Archive

Configuration file permissions checking problem.
I noticed this today while trying to grant myself config editing access
under a normal user account:

[16:31:33] [cambodia:18:exim4]# ls -l *.conf
-rw-rw-r-- 1 root root 18199 2005-02-11 16:09 acl.conf
-rw-rw-r-- 1 root root 284 2005-02-11 16:00 exim4.conf
-rw-rw-r-- 1 root root 236 2005-02-10 01:51 local.conf
-rw-rw-r-- 1 root root 5383 2005-02-11 16:07 macro.conf
-rw-rw-r-- 1 root root 3466 2005-02-11 16:09 main.conf
-rw-rw-r-- 1 root root 1167 2005-02-07 23:20 retry.conf
-rw-rw-r-- 1 root root 1156 2005-02-11 16:05 routers.conf
-rw-rw-r-- 1 root root 591 2005-02-11 16:01 transports.conf

[16:31:36] [cambodia:19:exim4]# exim
2005-02-11 16:31:45 Exim configuration file /etc/exim4/exim4.conf has
the wrong owner, group, or mode

[16:31:45] [cambodia:20:exim4]# chmod g-w exim4.conf
[16:31:50] [cambodia:21:exim4]# exim
Exim is a Mail Transfer Agent. It is normally called by Mail User..


So essentially, whilst exim checks for group-write on the main
configuration file, it fails to do so for .includes.

What are your thoughts on this sort of check? IMHO it is similar to
checking whether UID != EUID - namely, it doesn't really apply all that
well to modern UNIXes (for example, what if the config file has extra
ACLs?).

I'd rather see this code removed than fixed, although I understand that
this would have an impact on the functionality of the -C switch.

Thanks,


David.
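
An added example, not part of the original post or of Exim's code: a small audit that applies the same owner and write-bit check to the main configuration file and to every file it reaches through .include or .include_if_exists. The policy (trusted owner UID, no group or other write bit), the function name audit_config_tree, and the resolution of relative include names against the including file are assumptions made for this example.

```python
import os
import re
import stat

# Matches ".include" and ".include_if_exists"; the file name may be double-quoted.
INCLUDE_RE = re.compile(r'^\s*\.include(_if_exists)?\s+"?([^"\s]+)"?\s*$')


def audit_config_tree(main_path, trusted_uids=(0,)):
    """Check the main config and every file it pulls in via .include.

    Returns a sorted list of (path, problem) tuples. The policy used here
    (trusted owner, no group/other write bit) is an assumption of this example.
    """
    findings = []
    seen = set()
    pending = [(os.path.abspath(main_path), False)]
    while pending:
        path, optional = pending.pop()
        if path in seen:
            continue  # guards against include loops
        seen.add(path)
        try:
            st = os.stat(path)  # follows symlinks, as reading the file would
        except FileNotFoundError:
            if not optional:  # .include_if_exists may point at nothing
                findings.append((path, "missing"))
            continue
        if st.st_uid not in trusted_uids:
            findings.append((path, "untrusted owner uid %d" % st.st_uid))
        if st.st_mode & stat.S_IWGRP:
            findings.append((path, "group-writable"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        with open(path, "r", errors="replace") as fh:
            for line in fh:
                m = INCLUDE_RE.match(line)
                if m:
                    # Assumption: relative names resolve against the including file.
                    base = os.path.dirname(path)
                    target = os.path.normpath(os.path.join(base, m.group(2)))
                    pending.append((target, m.group(1) is not None))
    return sorted(findings)


if __name__ == "__main__":
    for path, problem in audit_config_tree("/etc/exim4/exim4.conf"):
        print("%s: %s" % (path, problem))
```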