exim: set User= but run as root

LoadCredential= will set the owner of $CREDENTIALS_DIRECTORY and the
credentials to User=.  As Exim currently has to be run as
root in order to use the standard SMTP port and for local deliveries[1],
set User=exim, but run all processes as root.

[1]: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECID270
tv 2022-01-04 20:30:02 +01:00
parent d7edeeac50
commit e82cbd6f35

@ -65,8 +65,9 @@ in {
config.environment.etc."exim.conf".source
];
serviceConfig = {
ExecStart = "${pkgs.exim}/bin/exim -bdf -q30m";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStart = "+${pkgs.exim}/bin/exim -bdf -q30m";
ExecReload = "+${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = cfg.user.name;
};
wantedBy = [ "multi-user.target" ];
};
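Review bot: In serviceConfig, `User = cfg.user.name;` next to the "+"-prefixed ExecStart and ExecReload reads as contradictory without a comment, and the reason for it exists only in the commit message. Please add an inline comment stating that User= is set solely so the credentials directory is owned by the exim user, and that the "+" prefix makes both commands run as root regardless. It is also worth noting there that systemd's "+" prefix exempts the command from more than User=: Group=, CapabilityBoundingSet= and the file system namespacing options (PrivateTmp=, PrivateDevices= and similar) are not applied to it either, so hardening options added to this unit later will silently not cover the exim daemon.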