[PATCH] docs: Fix note about the required Postfix rights
Daniel Axtens
dja at axtens.net
Tue Oct 29 17:06:27 AEDT 2019
Hi Ali,
> The permissions for the user running the postfix process are
> not the ones used for external file or command delivery by default.
> The ones defined by default_privs are (in case the aliases(5) file
> that is owned by root was being used). A privileged user or the
> postfix owner should not be used in this case.
>
> See http://www.postfix.org/postconf.5.html#default_privs and
> local(8).
>
> Signed-off-by: Ali Alnubani <alialnu at mellanox.com>
> ---
> docs/deployment/installation.rst | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/docs/deployment/installation.rst b/docs/deployment/installation.rst
> index c086d9a..cd5e102 100644
> --- a/docs/deployment/installation.rst
> +++ b/docs/deployment/installation.rst
> @@ -617,11 +617,11 @@ they can be loaded as seen below:
>
> .. note::
>
> - This assumes your Postfix process is running as the ``nobody`` user. If
> - this is not correct (use of ``postfix`` user is also common), you should
> - change both the username in the ``createuser`` command above and substitute
> - the username in the ``grant-all-postgres.sql`` script with the appropriate
> - alternative.
> + This assumes that you are using the aliases(5) file that is owned by root,
> + and that Postfix's ``default_privs`` configuration is set as ``nobody``. If
> + this is not the case, you should change both the username in the ``createuser``
> + command above and substitute the username in the ``grant-all-postgres.sql``
> + script with the appropriate alternative.
>
I think this is now the third time I've tried to review this, and I
think it's finally starting to make sense.
Is there any way local(8) could be invoked with a user other than the
one specified in default_privs?
btw, it should be grant-all.postgres.sql (a . not a - between all and
postgres) but if this doesn't need a respin I can fix that when I apply
it.
Regards,
Daniel
> __ http://www.postfix.org/
>
> --
> 2.11.0
>
> _______________________________________________
> Patchwork mailing list
> Patchwork at lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/patchwork
More information about the Patchwork
mailing list