1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
|
<HTML>
<HEAD>
<!-- This HTML file has been created by texi2html 1.52
from spec on 25 November 2000 -->
<TITLE>Exim Specification - 13. Environment for running local transports</TITLE>
</HEAD>
<body bgcolor="#FFFFFF" text="#00005A" link="#FF6600" alink="#FF9933" vlink="#990000">
Go to the <A HREF="spec_1.html">first</A>, <A HREF="spec_12.html">previous</A>, <A HREF="spec_14.html">next</A>, <A HREF="spec_59.html">last</A> section, <A HREF="spec_toc.html">table of contents</A>.
<P><HR><P>
<H1><A NAME="SEC398" HREF="spec_toc.html#TOC398">13. Environment for running local transports</A></H1>
<P>
<A NAME="IDX1017"></A>
<A NAME="IDX1018"></A>
Local transports handle deliveries to files and pipes. (The <EM>autoreply</EM>
transport can be thought of as similar to a pipe.) Whenever a local transport
is run, Exim forks a subprocess for it.
<A NAME="IDX1019"></A>
<A NAME="IDX1020"></A>
Before running the transport code, it sets a specific uid and gid by calling
<EM>setuid()</EM> and <EM>setgid()</EM>. It also sets a current file directory; for some
transports a home directory setting is also relevant.
The <EM>pipe</EM> transport is the only one which sets up environment variables; see
section 18.3 for details.
</P>
<P>
The values used for the uid, gid, and the directories may come from several
different places. In many cases the director that handles the address
associates settings with that address. However, values may also be given in the
transport's own configuration, and these override anything that comes with the
address. The sections below contain a summary of the possible sources of the
values, and how they interact with each other.
</P>
<P>
<H2><A NAME="SEC399" HREF="spec_toc.html#TOC399">13.1 Uids and gids</A></H2>
<P>
<A NAME="IDX1021"></A>
<A NAME="IDX1022"></A>
All local transports have the options <EM>group</EM> and <EM>user</EM>. If <EM>group</EM> is set, it
overrides any group that may be set in the address, even if <EM>user</EM> is not set.
This makes it possible, for example, to run local mail delivery under the uid
of the recipient, but in a special group.
For example:
<PRE>
group_delivery:
driver = appendfile
file = /var/spool/mail/$local_part
group = mail
</PRE>
<P>
If <EM>user</EM> is set for a transport, its value overrides what is set in the
address. If <EM>user</EM> is non-numeric and <EM>group</EM> is not set, the gid associated
with the user is used. If <EM>user</EM> is numeric, <EM>group</EM> must be set.
</P>
<P>
<A NAME="IDX1023"></A>
The <EM>pipe</EM> transport contains the special option <EM>pipe_as_creator</EM>. If this
is set and <EM>user</EM> is not set, the uid of the process that called Exim to
receive the message is used, and if <EM>group</EM> is not set, the corresponding
original gid is also used.
</P>
<P>
<A NAME="IDX1024"></A>
When the uid is taken from the transport's configuration, the <EM>initgroups()</EM>
function is called for the groups associated with that uid if the <EM>initgroups</EM>
option is set for the transport; <EM>pipe</EM> is the only transport that has such an
option.
</P>
<P>
When the uid is not specified by the transport, but is associated with the
address by a director or router, the option for calling <EM>initgroups()</EM> is taken
from the director or router configuration. All directors and routers have
<EM>group</EM>, <EM>user</EM>, and <EM>initgroups</EM> options, which are used as follows:
</P>
<P>
<A NAME="IDX1025"></A>
For the <EM>aliasfile</EM> director they specify the uid and gid for local deliveries
generated directly -- that is, deliveries to pipes or files. They have no
effect on generated addresses that are processed independently.
</P>
<P>
<A NAME="IDX1026"></A>
The <EM>forwardfile</EM> director's <EM>check_local_user</EM> option causes a password file
lookup for the local part of an address. The uid and gid obtained from this
lookup are used for any directly generated local deliveries, but they can be
overridden by the <EM>group</EM> and <EM>user</EM> options of the director. As for
<EM>aliasfile</EM>, these values are not used for generated addresses that are
processed independently.
</P>
<P>
<A NAME="IDX1027"></A>
The <EM>localuser</EM> director looks up local parts in the password file, and sets
the uid and gid from that file for local deliveries, but these values can be
overridden by the director's options.
</P>
<P>
<A NAME="IDX1028"></A>
For the <EM>smartuser</EM> director and all the routers, the <EM>group</EM>, <EM>user</EM>, and
<EM>initgroups</EM> options are used only if the driver sets up a delivery to a local
transport.
</P>
<H2><A NAME="SEC400" HREF="spec_toc.html#TOC400">13.2 Current and home directories</A></H2>
<P>
<A NAME="IDX1029"></A>
<A NAME="IDX1030"></A>
The <EM>pipe</EM> transport has a <EM>home_directory</EM> option. If this is set, it
overrides any home directory set by the director for the address. The value of
the home directory is set in the environment variable HOME while running
the pipe. It need not be set, in which case HOME is not defined.
</P>
<P>
The <EM>appendfile</EM> transport does not have a <EM>home_directory</EM> option. The only
uses for a home directory in this transport are the appearance of the expansion
variable $<EM>home</EM> in one of its options, and the `inhome' or `belowhome'
settings of the <EM>create_file</EM> option. In both cases the value set by the
director is used.
</P>
<P>
<A NAME="IDX1031"></A>
<A NAME="IDX1032"></A>
The <EM>appendfile</EM> and <EM>pipe</EM> transports have a <EM>current_directory</EM> option. If
this is set, it overrides any current directory set by the director for the
address. If neither the director nor the transport sets a current directory,
then Exim uses the value of the home directory, if set. Otherwise it sets the
current directory to `/' before running a local transport.
</P>
<P>
<A NAME="IDX1033"></A>
<A NAME="IDX1034"></A>
<A NAME="IDX1035"></A>
All directors have <EM>current_directory</EM> and <EM>home_directory</EM> options, which
are associated with any addresses they explicitly direct to a local transport.
</P>
<P>
For <EM>forwardfile</EM>, if <EM>home_directory</EM> is not set and there is a
<EM>file_directory</EM> value, that is used instead. If it too is not set, but
<EM>check_local_user</EM> is set, the user's home directory is used. For
<EM>localuser</EM>, if <EM>home_directory</EM> is not set, the home directory is taken from
the password file entry that this director looks up. There are no defaults for
<EM>current_directory</EM> in the directors, because it defaults to the value of
<EM>home_directory</EM> if it is not set at transport time.
</P>
<P>
Routers have no means of setting up home and current directory strings;
consequently any local transport that they use must specify them for itself if
they are required.
</P>
<H2><A NAME="SEC401" HREF="spec_toc.html#TOC401">13.3 Expansion variables derived from the address</A></H2>
<P>
Normally a local delivery is handling a single address, and in that case the
variables such as $<EM>domain</EM> and $<EM>local_part</EM> are set during local
deliveries. However, in some circumstances more than one address may be handled
at once (for example, while writing batch SMTP for onward transmission by some
other means). In this case, the variables associated with the local part are
never set, $<EM>domain</EM> is set only if all the addresses have the same
domain, and $<EM>original_domain</EM> is never set.
</P>
<P><HR><P>
Go to the <A HREF="spec_1.html">first</A>, <A HREF="spec_12.html">previous</A>, <A HREF="spec_14.html">next</A>, <A HREF="spec_59.html">last</A> section, <A HREF="spec_toc.html">table of contents</A>.
</BODY>
</HTML>
|
