Loading ...
Sorry, an error occurred while loading the content.

complementary groups for mail_owner

Expand Messages
  • Leo Baltus
    Hi, We just started rolling out 2.5.3. On starting up we see: fatal: open lock file $data_directory/master.lock This seems to be a result of (HISTORY):
    Message 1 of 3 , Jul 31, 2008
    • 0 Attachment
      Hi,

      We just started rolling out 2.5.3. On starting up we see:

      fatal: open lock file $data_directory/master.lock

      This seems to be a result of (HISTORY):
      20080220

      Safety: the master daemon now sets an exclusive lock on a
      file $data_directory/master.lock, so that the data directory
      can't be shared between multiple Postfix instances. This
      would corrupt files that rely on single-writer updates
      (examples: verify(8) cache, tlsmgr(8) caches, etc.). File:
      master/master.c.

      It appears that if the master sets the lock it does this as mail_owner but does
      not have its supplementary groups set, according to /etc/groups.

      Our $data_directory is a path consisting of several subdirectories, one
      of them having permissions 750 group set at a supplementary group.
      Group membership of this group gives access to sysadmins and
      cronjobs and such.

      I could set this group as the primary group for mail_owner, but that
      would break consistency as we embrace the idea of each uid having its own
      unique gid.

      Now, is there a compelling reason why mail_owner is not allowed to have
      supplementary groups?

      --
      Leo Baltus, internetbeheerder /\
      NPO ICT Internet Services /NPO/\
      Sumatralaan 45, 1217 GP Hilversum, Filmcentrum, west \ /\/
      beheer@..., 035-6773555 \/
    • Wietse Venema
      Unfortunately (for you), Postfix currently does not use supplementary groups, anywhere. It s not a quick hack to change this. Wietse
      Message 2 of 3 , Jul 31, 2008
      • 0 Attachment
        Unfortunately (for you), Postfix currently does not use supplementary
        groups, anywhere. It's not a quick hack to change this.

        Wietse
      • Leo Baltus
        Hi Wietse, ... I can wait :-) Could you elaborate on this, is this a design decision you made? -- Leo Baltus, internetbeheerder / NPO
        Message 3 of 3 , Aug 1 2:15 AM
        • 0 Attachment
          Hi Wietse,

          Op 31/07/2008 om 11:52:18 -0400, schreef Wietse Venema:
          > Unfortunately (for you), Postfix currently does not use supplementary
          > groups, anywhere. It's not a quick hack to change this.
          >

          I can wait :-)

          Could you elaborate on this, is this a design decision you made?

          --
          Leo Baltus, internetbeheerder /\
          NPO ICT Internet Services /NPO/\
          Sumatralaan 45, 1217 GP Hilversum, Filmcentrum, west \ /\/
          beheer@..., 035-6773555 \/
        Your message has been successfully submitted and would be delivered to recipients shortly.