Hi Daniel, > -----Original Message----- > From: Daniel Axtens <d...@axtens.net> > Sent: Tuesday, October 29, 2019 8:06 AM > To: Ali Alnubani <alia...@mellanox.com>; patchwork@lists.ozlabs.org > Cc: Thomas Monjalon <tho...@monjalon.net> > Subject: Re: [PATCH] docs: Fix note about the required Postfix rights > > Hi Ali, > > > The permissions for the user running the postfix process are not the > > ones used for external file or command delivery by default. > > The ones defined by default_privs are (in case the aliases(5) file > > that is owned by root was being used). A privileged user or the > > postfix owner should not be used in this case. > > > > See http://www.postfix.org/postconf.5.html#default_privs and local(8). > > > > Signed-off-by: Ali Alnubani <alia...@mellanox.com> > > --- > > docs/deployment/installation.rst | 10 +++++----- > > 1 file changed, 5 insertions(+), 5 deletions(-) > > > > diff --git a/docs/deployment/installation.rst > > b/docs/deployment/installation.rst > > index c086d9a..cd5e102 100644 > > --- a/docs/deployment/installation.rst > > +++ b/docs/deployment/installation.rst > > @@ -617,11 +617,11 @@ they can be loaded as seen below: > > > > .. note:: > > > > - This assumes your Postfix process is running as the ``nobody`` user. If > > - this is not correct (use of ``postfix`` user is also common), you should > > - change both the username in the ``createuser`` command above and > substitute > > - the username in the ``grant-all-postgres.sql`` script with the > > appropriate > > - alternative. > > + This assumes that you are using the aliases(5) file that is owned by > > root, > > + and that Postfix's ``default_privs`` configuration is set as > > ``nobody``. If > > + this is not the case, you should change both the username in the > ``createuser`` > > + command above and substitute the username in the ``grant-all- > postgres.sql`` > > + script with the appropriate alternative. > > > > I think this is now the third time I've tried to review this, and I think > it's finally > starting to make sense. > > Is there any way local(8) could be invoked with a user other than the one > specified in default_privs?
Yes. It's possible with user-level aliasing. You can create an aliases file that is owned by that user and added to alias_maps, or use the default forward_path (usually $home/.forward) http://www.postfix.org/local.8.html http://www.postfix.org/postconf.5.html#forward_path > > btw, it should be grant-all.postgres.sql (a . not a - between all and > postgres) but if this doesn't need a respin I can fix that when I apply it. Thanks. Regards, Ali _______________________________________________ Patchwork mailing list Patchwork@lists.ozlabs.org https://lists.ozlabs.org/listinfo/patchwork
