I use Exim on FreeBSD which runs as (mailnull, mail). I have a private SSL key for this host, protected by a group.

# ls -l /etc/ssl/local.key
-rw-r----- 1 root ssl 1679 Oct 14 2018 /etc/ssl/local.key

Applications can use the private key either because they:

a) start as root, and drop privileges
b) are in the 'ssl' unix group

For Exim, (a) is fine and works for tls_privatekey. But now I am enabling DKIM, I find the file cannot be read:

unable to open file for reading: /etc/ssl/local.key

Presumably this is after switching root->mailnull.

Adding 'mailnull' to the 'ssl' group doesn't work; seemingly because exim doesn't call initgroups(). Should it?

What's the best practice here? I don't want to make the private key 'world' readable to all users on the host.

Thanks

--
Mark

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
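The permission check behind the symptom described in the message above, as an added example that is not part of the original post and not Exim code. It models the Unix read check for a root:ssl file with mode 0640 against a process running as (mailnull, mail), with and without the supplementary groups that initgroups() would load. The numeric ids are constructed, and the case without initgroups() is assumed to leave the supplementary group list empty.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Credentials a process holds once it has dropped root. */
struct creds {
    uid_t uid;
    gid_t gid;             /* primary (effective) group */
    const gid_t *groups;   /* supplementary groups */
    size_t ngroups;
};

/* True if gid is the primary group or one of the supplementary groups. */
static bool in_group(const struct creds *c, gid_t gid)
{
    if (c->gid == gid)
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Classic Unix read check: the first matching class (owner, group, other) decides. */
bool may_read(const struct creds *c, uid_t fuid, gid_t fgid, mode_t mode)
{
    if (c->uid == 0)
        return true;
    if (c->uid == fuid)
        return (mode & S_IRUSR) != 0;
    if (in_group(c, fgid))
        return (mode & S_IRGRP) != 0;
    return (mode & S_IROTH) != 0;
}

/* Constructed numeric ids standing in for mailnull, mail and ssl. */
enum { UID_MAILNULL = 26, GID_MAIL = 6, GID_SSL = 900 };
static const gid_t SSL_ONLY[] = { GID_SSL };

/* After setgid()+setuid() alone: no supplementary groups (assumed cleared). */
const struct creds no_initgroups = { UID_MAILNULL, GID_MAIL, NULL, 0 };
/* After initgroups() ran before the drop: /etc/group membership is loaded. */
const struct creds with_initgroups = { UID_MAILNULL, GID_MAIL, SSL_ONLY, 1 };

int main(void)
{
    printf("without initgroups: %d\n", may_read(&no_initgroups, 0, GID_SSL, 0640));
    printf("with initgroups:    %d\n", may_read(&with_initgroups, 0, GID_SSL, 0640));
    return 0;
}
```

An entry in /etc/group only takes effect for a process whose supplementary group list was populated from it before the uid changed, which is why the group membership alone does not make the key readable.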
