From: Michael Tokarev (mjttls.msk.ru)
Date: Tue Apr 10 2001 - 12:19:18 CDT


    Olli Artemjev wrote:
    >
    > Hi.
    >
    > If I do 'chown .login / ; chmod 750 /', then even when postfix is a member
    > of 'login' group & postfix mail delivery user is a member of 'login' too
    > local mail delivery to user (user is member of 'login') the local delivery
    > fails being unable to access files. If I do then 'chmod 755 /' - delivery
    > is going OK. Thus the local delivery (some part?) is going without
    > applying membership of all groups that postfix users & system user (it
    > delivers to) are in.
    >
    > The question is 'where is the bug?'. I mean that either postfix should
    > apply all group-membership to its local delivery agent, or the
    > postfix documentation must tell that this way is wrong (or insecure) & the
    > above server configuration should never exist.

    It's not a bug, it's a feature. Postfix wasn't designed to run on systems
    with strange configuration/requirements, like your case. Local delivery
    agent does NOT call initgroups() to initialize the user's supplementary groups --
    this is because of possible *huge* slowness of such operation. For almost
    all operations it's sufficient to set only primary group. With sendmail,
    one has control over this via some configuration parameter (call_initgroups
    or something, don't remember). This exact question was discussed some
    (long) time ago on this list (and even my big archive missed this!).
    With your particular problem, *all* users including postfix should be
    members of `login' group for postfix to work, and this isn't a desired
    solution as I understand.

    In short (and I expect a similar answer from Wietse): postfix was not designed
    to run on systems with strange configuration, it works in more-or-less
    standard environments.

    Regards,
     Michael.
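
An added example, not part of the original message and not Postfix code: a small Python model of the classic Unix directory-search check, showing why a process that sets only the recipient's uid and primary gid is stopped at a `/` owned by group 'login' with mode 750, while one that also calls initgroups() gets through. The gid 50, uid 1000, the `/home/user/mbox` path and all function names are constructed for illustration; ACLs are not modelled.

```python
import os
import pwd
import stat
from collections import namedtuple

# Process credentials: uid, primary gid, and the supplementary group set.
Cred = namedtuple("Cred", "uid gid groups")

def cred_for(user, call_initgroups):
    """Credentials a delivery process would hold for `user`.
    call_initgroups=False models setting only uid and primary gid."""
    pw = pwd.getpwnam(user)
    groups = os.getgrouplist(user, pw.pw_gid) if call_initgroups else []
    return Cred(pw.pw_uid, pw.pw_gid, frozenset(groups))

def may_search(cred, st):
    """Classic Unix mode-bit check for directory search (x) permission."""
    if cred.uid == 0:
        return True                      # root bypasses the mode bits
    if cred.uid == st.st_uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid == cred.gid or st.st_gid in cred.groups:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def blocked_dirs(path, cred, stat_fn=os.stat):
    """Directories leading to `path` that `cred` cannot traverse."""
    parts = [p for p in path.split("/") if p]
    dirs = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]
    return [d for d in dirs if not may_search(cred, stat_fn(d))]

# Constructed sample tree mirroring the thread: / is root:login, mode 0750.
LOGIN_GID = 50                           # made-up gid for group 'login'
St = namedtuple("St", "st_uid st_gid st_mode")
SAMPLE_FS = {
    "/": St(0, LOGIN_GID, stat.S_IFDIR | 0o750),
    "/home": St(0, 0, stat.S_IFDIR | 0o755),
    "/home/user": St(1000, 1000, stat.S_IFDIR | 0o700),
}

if __name__ == "__main__":
    primary_only = Cred(1000, 1000, frozenset())
    with_groups = Cred(1000, 1000, frozenset({LOGIN_GID}))
    target = "/home/user/mbox"
    print("primary gid only:", blocked_dirs(target, primary_only, SAMPLE_FS.get))
    print("after initgroups:", blocked_dirs(target, with_groups, SAMPLE_FS.get))
```

On a real host, `blocked_dirs(path, cred_for(name, False))` with the default `os.stat` lists the directories that would stop a primary-gid-only process for that account.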
