Loading ...
Sorry, an error occurred while loading the content.

groups other than the primary one are ignored

Expand Messages
  • jonny@mail.hfa3.org
    If my .forward contains: /tmp/test/maildir/ And /tmp/test is owned by another user: $ ls -lrtd /tmp/test drwxrwx--- 2 root users 6 2009-09-01 19:19 /tmp/test
    Message 1 of 2 , Sep 1, 2009
    • 0 Attachment
      If my .forward contains:
      /tmp/test/maildir/
      And /tmp/test is owned by another user:
      $ ls -lrtd /tmp/test
      drwxrwx--- 2 root users 6 2009-09-01 19:19 /tmp/test
      And I belong to the following groups (notice I belong to users, but my
      primary group is wheel):
      $ id -n -G
      wheel floppy audio video cdrom fuse plugdev scanner users
      And my user id is jonny:
      $ id -n -u
      jonny

      Then, when mail is sent to jonny, it bounces, and in /var/mail.log I
      get:

      Sep 1 19:36:57 (none) postfix/local[5730]: warning: maildir access problem for UID/GID=1000/10: create maildir file /tmp/test/maildir/tmp/1251859017.P5730.augustine: Permission denied
      Sep 1 19:36:57 (none) postfix/local[5730]: warning: perhaps you need to create the maildirs in advance
      Sep 1 19:36:57 (none) postfix/bounce[5738]: 511C3A13D87: sender non-delivery notification: 6F8E0A13D89
      Sep 1 19:36:57 (none) postfix/qmgr[5333]: 511C3A13D87: removed
      Sep 1 19:36:57 (none) postfix/local[5730]: 6F8E0A13D89: to=<jonny@...>, relay=local, delay=0.1, delays=0.03/0/0/0.06, dsn=5.2.0, status=bounced (maildir delivery failed: create maildir file /tmp/test/maildir/tmp/1251859017.P5730.augustine: Permission denied)

      I think this may be by intention, as I find in set_ugid.c:
      /* set_ugid() sets the real, effective and saved user and group process
      /* attributes and updates the process group access list to be just the
      /* user's primary group. This operation is irreversible.

      I worked around the issue by doing:

      $ sudo chown jonny /tmp/test

      Having postfix pay attention to all the user's groups would be a nice
      feature. It is not important for me any longer, now that I understand
      postfix only uses the primary group id, but it may save some other
      person some hunting in the future.
    • Sahil Tandon
      ... This topic has been discussed many times on the list. Search the archives. For example: http://article.gmane.org/gmane.mail.postfix.user/133410. -- Sahil
      Message 2 of 2 , Sep 1, 2009
      • 0 Attachment
        On Tue, 01 Sep 2009, jonny@... wrote:

        > /* set_ugid() sets the real, effective and saved user and group process
        > /* attributes and updates the process group access list to be just the
        > /* user's primary group. This operation is irreversible.
        >
        > Having postfix pay attention to all the user's groups would be a nice
        > feature. It is not important for me any longer, now that I understand
        > postfix only uses the primary group id, but it may save some other
        > person some hunting in the future.

        This topic has been discussed many times on the list. Search the archives.
        For example: http://article.gmane.org/gmane.mail.postfix.user/133410.

        --
        Sahil Tandon <sahil@...>
      Your message has been successfully submitted and would be delivered to recipients shortly.