Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <3E5B8599.B853407A@ieee.org>
Date: Tue, 25 Feb 2003 10:02:49 -0500
From: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Jason Tishler <jason AT tishler DOT net>
CC: cygwin AT cygwin DOT com
Subject: Re: exim 4.12-3 winsock problem (was Re: 1.3.21)
References: <20030221153741 DOT GA26756 AT redhat DOT com>
	 <20030221180822 DOT GB1408 AT tishler DOT net> <3E566E49 DOT 53BE7CBE AT ieee DOT org>
	 <20030221191209 DOT GE1408 AT tishler DOT net> <20030224200201 DOT GA2348 AT tishler DOT net>
	 <3E5A8939 DOT CE055B7F AT ieee DOT org> <20030224215244 DOT GA2612 AT tishler DOT net>
	 <3E5A998A DOT 51607934 AT ieee DOT org> <20030225114401 DOT GA1876 AT tishler DOT net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Jason Tishler wrote:

> > Could you run  exim -bd -d -c  (skip the -q15m for simplicity) and
> > look at the output. If nothing is obvious, send it to me I will
> > compare it with the output of a local run.
> 
> See attached for a 4.10-2 and 4.12-3 run.
>
Jason
 
4.10-2:
changed uid/gid: running as a daemon
  uid=1008 gid=1009
  auxiliary group list: 513 544 545 1009

4.12-3
changed uid/gid: forcing real = effective
  uid=1008 gid=1009 pid=2024
  auxiliary group list: 1009

We see that setgroups is active in 4.12-3 and that
supplementary groups were shed.
I suspect that somewhere winsock requires 544 or
545 (e.g. is not happy with Everyone + 1009 alone).

I don't know if it's because of a file access issue
or because of a Windows privilege (privileges depend
on group membership). Look at your local security
policy, perhaps you will see something interesting.
From the error code, it looks like the winsock designers 
never thought this could happen.

So I suggest a simple test: edit /etc/passwd and change
the gid of the exim user to 545, then run again.

By the way, I am not sure what you try to achieve running
the exim daemon as a special exim user.

Also, it may be just fine to run the daemon with gid 545
but do deliveries with gid 1009. That's controlled 
from /etc/exim.conf, group = mail in the local_delivery
transport.
The issue with that approach is if exim execs itself: it
will then be unprivileged with uid 1008 and gid 545 and
wouldn't be able to make local deliveries.

I have another question: when you run under strace are 
things fine or do you hit another error? 

Pierre

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/