Exim processes running as root and mailnull

Escaflowne

Active Member
May 5, 2004
40
0
156
PL
Hello!

Here's a simple question (simple, but I can't seem to find the answer): why are some of exim's processes running as user mailnull and some as user root?

And here's a bonus question: is this normal?

Exim 4.62 on a FreeBSD 4.9 box.
 

websupport

Well-Known Member
Jun 24, 2006
92
0
156
Don't worry

Hello,

It's important to know what processes are running on your server, so you can
spot any abnormalities and potential security breaches.

Root and mailnull are the normal processes. Don't worry about it.
mailnull is a mail user account, used for exim.

:)
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,465
30
473
Go on, have a guess
It is normal. Like several server daemons (such as httpd) they have an initial process that runs up under the root account so that they can access the necessary system files. They then launch child processes under a non-priveleged user account for the processing work. The reason they do this is simple - security. Because these processes usually process data derived from an untrusted source, i.e. the internet, should then ever be compromised, then the hacker would usually only have access to the non-privileged account instead of the root account.