+NOTE: immediatly after opening the configuration file we change the working
+directory to "/"! Later we change to $spool_directory. We do it there, because
+during readconf_main() some expansion takes place already. */
+
+/* Store the initial cwd before we change directories */
+if ((initial_cwd = os_getcwd(NULL, 0)) == NULL)
+ {
+ perror("exim: can't get the current working directory");
+ exit(EXIT_FAILURE);
+ }
+
+/* checking:
+ -be[m] expansion test -
+ -b[fF] filter test new
+ -bh[c] host test -
+ -bmalware malware_test_file new
+ -brt retry test new
+ -brw rewrite test new
+ -bt address test -
+ -bv[s] address verify -
+ list_options:
+ -bP <option> (except -bP config, which sets list_config)
+
+If any of these options is set, we suppress warnings about configuration
+issues (currently about tls_advertise_hosts and keep_environment not being
+defined) */
+
+readconf_main(checking || list_options);
+
+/* Now in directory "/" */
+
+if (cleanup_environment() == FALSE)
+ log_write(0, LOG_PANIC_DIE, "Can't cleanup environment");
+
+
+/* If an action on specific messages is requested, or if a daemon or queue
+runner is being started, we need to know if Exim was called by an admin user.
+This is the case if the real user is root or exim, or if the real group is
+exim, or if one of the supplementary groups is exim or a group listed in
+admin_groups. We don't fail all message actions immediately if not admin_user,
+since some actions can be performed by non-admin users. Instead, set admin_user
+for later interrogation. */
+
+if (real_uid == root_uid || real_uid == exim_uid || real_gid == exim_gid)
+ admin_user = TRUE;
+else
+ {
+ int i, j;
+ for (i = 0; i < group_count; i++)
+ {
+ if (group_list[i] == exim_gid) admin_user = TRUE;
+ else if (admin_groups != NULL)
+ {
+ for (j = 1; j <= (int)(admin_groups[0]); j++)
+ if (admin_groups[j] == group_list[i])
+ { admin_user = TRUE; break; }
+ }
+ if (admin_user) break;
+ }
+ }
+
+/* Another group of privileged users are the trusted users. These are root,
+exim, and any caller matching trusted_users or trusted_groups. Trusted callers
+are permitted to specify sender_addresses with -f on the command line, and
+other message parameters as well. */
+
+if (real_uid == root_uid || real_uid == exim_uid)
+ trusted_caller = TRUE;
+else
+ {
+ int i, j;
+
+ if (trusted_users != NULL)
+ {
+ for (i = 1; i <= (int)(trusted_users[0]); i++)
+ if (trusted_users[i] == real_uid)
+ { trusted_caller = TRUE; break; }
+ }
+
+ if (!trusted_caller && trusted_groups != NULL)
+ {
+ for (i = 1; i <= (int)(trusted_groups[0]); i++)
+ {
+ if (trusted_groups[i] == real_gid)
+ trusted_caller = TRUE;
+ else for (j = 0; j < group_count; j++)
+ {
+ if (trusted_groups[i] == group_list[j])
+ { trusted_caller = TRUE; break; }
+ }
+ if (trusted_caller) break;
+ }
+ }
+ }