
filter user permissions question

  • kclair
    Message 1 of 5 , Oct 31, 2006
      Hello,

      I'm trying to use a content filter using an external command via
      master.cf. I can't really wrap my head around the permissions
      problems that I'm seeing, and I'm wondering if anyone can shed any
      light on it.

      The line(s) in master.cf:
      filter unix - n n - 10 pipe
      flags=Rq user=filter argv=/usr/local/anomy/filter.sh -f ${sender} --
      ${recipient}

      This should be executing this command as the user "filter", right?

      The permissions of the script:
      -rwxr-x--- 1 root filter 1123 2006-10-31 14:13 filter.sh

      The entry in the group file:
      filter:x:1029:filter

      The postfix error:
      Command died with status 1: "/usr/local/anomy/filter.sh". Command
      output: pipe: fatal: pipe_command: execvp
      /usr/local/anomy/filter.sh: Permission denied

      Running a test message through the filter.sh script as the user filter
      executes with no problem.

      I was completely convinced that postfix was not executing this
      command as the user "filter", so I made a test script to spit out the
      current uid. This had some very interesting results which were that:
      a) the command is indeed running as the user filter
      b) the command encountered the same error as filter.sh when it had the
      same permissions as filter.sh -- i.e. it would only run with 0755
      permissions.

      So, I changed /usr/local/anomy/filter.sh to be 0755. In this case, the
      postfix error is:
      temporary failure. Command output: /usr/local/anomy/filter.sh: line 35:
      cd: /var/spool/filter: Permission
      denied /var/spool/filter does not exist

      Yet:
      drwxrwx--- 3 root filter 4096 2006-10-31 15:29 /var/spool/filter

      So now I do not understand why, if this command is really being run as
      the user filter, it does not seem to execute with the same permissions
      as when executed as the user filter from the command line.
      The server is not running SELinux.

      Have I overlooked something completely obvious here?

      Postfix version is 2.2.10.

      Thanks,
      Kristina
    • Wietse Venema
      Message 2 of 5 , Oct 31, 2006
        kclair:
        > Hello,
        >
        > I'm trying to use a content filter using an external command via
        > master.cf. I can't really wrap my head around the permissions
        > problems that I'm seeing, and I'm wondering if anyone can shed any
        > light on it.
        >
        > The line(s) in master.cf:
        > filter unix - n n - 10 pipe
        > flags=Rq user=filter argv=/usr/local/anomy/filter.sh -f ${sender} --
        > ${recipient}
        >
        > This should be executing this command as the user "filter", right?
        >
        > The permissions of the script:
        > -rwxr-x--- 1 root filter 1123 2006-10-31 14:13 filter.sh

        This file is executable if:

        the process has the NUMERICAL uid of the root USER.

        the process has the NUMERICAL gid of the filter GROUP.

        Nowhere does it say that a process with the numerical
        uid of the filter USER has execute permission.

        Wietse
      • kclair
        Message 3 of 5 , Nov 1, 2006
          On Tue, Oct 31, 2006 at 06:44:07PM -0500, Wietse Venema wrote:
          > kclair:
          > > Hello,
          > >
          > > I'm trying to use a content filter using an external command via
          > > master.cf. I can't really wrap my head around the permissions
          > > problems that I'm seeing, and I'm wondering if anyone can shed any
          > > light on it.
          > >
          > > The line(s) in master.cf:
          > > filter unix - n n - 10 pipe
          > > flags=Rq user=filter argv=/usr/local/anomy/filter.sh -f ${sender} --
          > > ${recipient}
          > >
          > > This should be executing this command as the user "filter", right?
          > >
          > > The permissions of the script:
          > > -rwxr-x--- 1 root filter 1123 2006-10-31 14:13 filter.sh
          >
          > This file is executable if:
          >
          > the process has the NUMERICAL uid of the root USER.
          >
          > the process has the NUMERICAL gid of the filter GROUP.
          >
          > Nowhere does it say that a process with the numerical
          > uid of the filter USER has execute permission.

          But the filter user is part of the filter group, so shouldn't that
          grant the filter user permission to execute the file?

          And also, when I run the program from the command line as the user
          filter, it executes with no permissions problem.

          I guess I am not understanding why it is different when it is
          executed by postfix. Does it not matter in that case that user filter
          is part of group filter?

          Thanks,
          Kristina
        • Victor Duchovni
          Message 4 of 5 , Nov 1, 2006
            On Wed, Nov 01, 2006 at 08:51:36AM -0500, kclair wrote:

            > On Tue, Oct 31, 2006 at 06:44:07PM -0500, Wietse Venema wrote:
            > > kclair:
            > > > Hello,
            > > >
            > > > I'm trying to use a content filter using an external command via
            > > > master.cf. I can't really wrap my head around the permissions
            > > > problems that I'm seeing, and I'm wondering if anyone can shed any
            > > > light on it.
            > > >
            > > > The line(s) in master.cf:
            > > > filter unix - n n - 10 pipe
            > > > flags=Rq user=filter argv=/usr/local/anomy/filter.sh -f ${sender} --
            > > > ${recipient}
            > > >
            > > > This should be executing this command as the user "filter", right?
            > > >
            > > > The permissions of the script:
            > > > -rwxr-x--- 1 root filter 1123 2006-10-31 14:13 filter.sh
            > >
            > > This file is executable if:
            > >
            > > the process has the NUMERICAL uid of the root USER.
            > >
            > > the process has the NUMERICAL gid of the filter GROUP.
            > >
            > > Nowhere does it say that a process with the numerical
            > > uid of the filter USER has execute permission.
            >
            > But the filter user is part of the filter group, so shouldn't that
            > grant the filter user permission to execute the file?

            Only if this is the primary group of the user or you use the (pipe(8)
            manual) documented syntax for specifying the group you want:

            ... user=user:group argv=...

            Secondary groups are not assigned when Postfix delivers mail to programs.

            --
            Viktor.

            Disclaimer: off-list followups get on-list replies or get ignored.
            Please do not ignore the "Reply-To" header.

            To unsubscribe from the postfix-users list, visit
            http://www.postfix.org/lists.html or click the link below:
            <mailto:majordomo@...?body=unsubscribe%20postfix-users>

            If my response solves your problem, the best way to thank me is to not
            send an "it worked, thanks" follow-up. If you must respond, please put
            "It worked, thanks" in the "Subject" so I can delete these quickly.
          • Wietse Venema
            Message 5 of 5 , Nov 1, 2006
              kclair:
              > On Tue, Oct 31, 2006 at 06:44:07PM -0500, Wietse Venema wrote:
              > > kclair:
              > > > Hello,
              > > >
              > > > I'm trying to use a content filter using an external command via
              > > > master.cf. I can't really wrap my head around the permissions
              > > > problems that I'm seeing, and I'm wondering if anyone can shed any
              > > > light on it.
              > > >
              > > > The line(s) in master.cf:
              > > > filter unix - n n - 10 pipe
              > > > flags=Rq user=filter argv=/usr/local/anomy/filter.sh -f ${sender} --
              > > > ${recipient}
              > > >
              > > > This should be executing this command as the user "filter", right?
              > > >
              > > > The permissions of the script:
              > > > -rwxr-x--- 1 root filter 1123 2006-10-31 14:13 filter.sh
              > >
              > > This file is executable if:
              > >
              > > the process has the NUMERICAL uid of the root USER.
              > >
              > > the process has the NUMERICAL gid of the filter GROUP.
              > >
              > > Nowhere does it say that a process with the numerical
              > > uid of the filter USER has execute permission.
              >
              > But the filter user is part of the filter group, so shouldn't that
              > grant the filter user permission to execute the file?

              Is the NUMERICAL gid of the filter USER equal to the
              NUMERICAL gid of the filter GROUP?

              Wietse
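The following is an added example, not code from this thread and not part of Postfix, that models the permission check behind Wietse's replies (messages 2 and 5) and Viktor's point about secondary groups (message 4). It evaluates the two files from the thread (filter.sh as -rwxr-x--- root:filter, later 0755, and /var/spool/filter as drwxrwx--- root:filter) against three credential sets: a login shell for the filter user, which fills in supplementary groups from /etc/group; a pipe(8) command with user=filter, which gets only the uid and the passwd primary gid; and user=filter:filter, the pipe(8) syntax Viktor recommends. The thread never shows the passwd entry for the filter user, so the sample passwd line below assumes a primary gid of 100 that differs from the filter group's gid 1029; the group line is the one from the thread. The function names and the sample data are this example's own.

```python
"""Model of the POSIX file-permission check as it applies to a Postfix
pipe(8) command versus an interactive login of the same user.
Sample /etc/passwd and /etc/group contents are constructed here; the
primary gid of the 'filter' user (100) is an assumption, since the
thread does not show that entry."""

from dataclasses import dataclass, field

# Constructed sample data (passwd line is an assumption; group line is the
# one quoted in the thread).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
filter:x:1029:100:content filter:/var/spool/filter:/bin/sh
"""
GROUP = """\
root:x:0:
users:x:100:
filter:x:1029:filter
"""


@dataclass(frozen=True)
class Creds:
    uid: int
    gid: int                                   # primary (effective) gid
    groups: frozenset = field(default_factory=frozenset)  # supplementary gids


def parse_passwd(text):
    """name -> (uid, primary gid)."""
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, uid, gid, *_rest = line.split(":")
            users[name] = (int(uid), int(gid))
    return users


def parse_group(text):
    """name -> (gid, set of member names)."""
    groups = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, gid, members = line.split(":")
            groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


def creds_pipe(user, group=None, passwd=PASSWD, grp=GROUP):
    """pipe(8) user=NAME or user=NAME:GROUP: uid from passwd, gid from the
    explicit group or else the passwd primary gid, no initgroups()."""
    uid, gid = parse_passwd(passwd)[user]
    if group is not None:
        gid = parse_group(grp)[group][0]
    return Creds(uid=uid, gid=gid)


def creds_login(user, passwd=PASSWD, grp=GROUP):
    """A login shell also runs initgroups(): every /etc/group entry that
    lists the user becomes a supplementary gid."""
    uid, gid = parse_passwd(passwd)[user]
    supp = frozenset(g for g, members in parse_group(grp).values() if user in members)
    return Creds(uid=uid, gid=gid, groups=supp)


def mode_from_ls(field_str):
    """'-rwxr-x---' -> 0o750. 's'/'t' count as the x bit set, 'S'/'T' as clear;
    setuid/setgid/sticky bits themselves are ignored here."""
    bits = 0
    for i, ch in enumerate(field_str[1:10]):
        if ch not in "-ST":
            bits |= 1 << (8 - i)
    return bits


def may_access(mode, owner_uid, owner_gid, creds, perm):
    """Simplified POSIX rule: uid 0 passes (execute only if some x bit is set);
    otherwise exactly one class applies, chosen by uid first, then by primary
    OR supplementary gid, else 'other'. Classes are never combined."""
    if creds.uid == 0:
        return perm != "x" or bool(mode & 0o111)
    if creds.uid == owner_uid:
        shift = 6
    elif creds.gid == owner_gid or owner_gid in creds.groups:
        shift = 3
    else:
        shift = 0
    return bool((mode >> shift) & {"r": 4, "w": 2, "x": 1}[perm])


def check_thread_scenario():
    """Return {scenario: {file: allowed}} for the files and modes in the thread."""
    root_uid = parse_passwd(PASSWD)["root"][0]
    filter_gid = parse_group(GROUP)["filter"][0]
    files = {  # (mode, owner uid, owner gid, permission needed)
        "filter.sh 0750 exec": (mode_from_ls("-rwxr-x---"), root_uid, filter_gid, "x"),
        "filter.sh 0755 exec": (mode_from_ls("-rwxr-xr-x"), root_uid, filter_gid, "x"),
        "cd /var/spool/filter": (mode_from_ls("drwxrwx---"), root_uid, filter_gid, "x"),
    }
    scenarios = {
        "login shell as filter": creds_login("filter"),
        "pipe user=filter": creds_pipe("filter"),
        "pipe user=filter:filter": creds_pipe("filter", "filter"),
    }
    return {s: {f: may_access(m, ou, og, c, p) for f, (m, ou, og, p) in files.items()}
            for s, c in scenarios.items()}


if __name__ == "__main__":
    for scenario, results in check_thread_scenario().items():
        print(scenario, results)
```

With the assumed passwd entry, the model reproduces every symptom in the thread: the login shell passes all three checks through its supplementary gid 1029, `user=filter` lands in the "other" class and is refused execute on the 0750 script and search on the directory, and chmod 0755 fixes only the script while `cd /var/spool/filter` still fails. `user=filter:filter` makes the group bits apply again without widening the file modes. On the real host, comparing the gid that `id filter` reports with the filter line in /etc/group answers Wietse's question in message 5 directly.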