Raymond Li:
> Hello,
>
> Currently Postfix doesn't document that the nobody user runs piped
> commands by default. The following patch amends that.

That is the case when the aliases file is owned by root; Postfix supports aliases and :include: files that are owned by other users and chooses delivery rights accordingly.

There is a more precise description in the local(8) manpage:

    DELIVERY RIGHTS
        Deliveries to external files and external commands are made with
        the rights of the receiving user on whose behalf the delivery is
        made. In the absence of a user context, the local(8) daemon uses
        the owner rights of the :include: file or alias database. When
        those files are owned by the superuser, delivery is made with the
        rights specified with the default_privs configuration parameter.

This is why the aliases file defers to the local(8) manpage:

    /file/name
        Mail is appended to /file/name. See local(8) for details of
        delivery to file.

    |command
        Mail is piped into command. Commands that contain special
        characters, such as whitespace, should be enclosed between double
        quotes. See local(8) for details of delivery to command.

I'll replace these rather unspecific pointers with more specific pointers to "EXTERNAL FILE DELIVERY", "EXTERNAL COMMAND DELIVERY", and "DELIVERY RIGHTS" in the local(8) documentation. There is a lot of relevant information that should not be duplicated.

        Wietse

> --- > postfix/man/man5/aliases.5 | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/postfix/man/man5/aliases.5 b/postfix/man/man5/aliases.5 > index 628b5d75..c041be11 100644 > --- a/postfix/man/man5/aliases.5 > +++ b/postfix/man/man5/aliases.5 
> @@ -85,6 +85,8 @@ mailed back to the sender. The file > \fB/usr/include/sysexits.h\fR > defines the expected exit status codes. For example, use > \fB"|exit 67"\fR to simulate a "user unknown" error, and > \fB"|exit 0"\fR to implement an expensive black hole. > +.sp > +Note that the command is run as the user \fBnobody\fR by default. > .IP \fB:include:\fI/file/name\fR > Mail is sent to the destinations listed in the named file. > Lines in \fB:include:\fR files have the same syntax > -- > 2.37.1 > > --- > Best, > Raymond Li >
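
Review bot: the sentence added after the "|exit 0" example states that the command runs as nobody without the condition under which that holds. Per the local(8) DELIVERY RIGHTS text quoted in the reply, the account is the owner of the alias database or :include: file, and only a superuser-owned file falls back to the default_privs setting. Suggest naming default_privs rather than hard-coding nobody, adding the ownership condition, and pointing to DELIVERY RIGHTS in local(8). The same rule covers /file/name delivery, which the added note, placed only under |command, leaves out.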
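
The DELIVERY RIGHTS rule quoted in the reply above, as an added audit sketch that is not part of the original thread or of Postfix: it lists the `|command` and `/file/name` destinations in an aliases file and the account each would run under, given the file's owner. The function names and the sample file are assumptions made for illustration; `:include:` files are not followed, since each has its own owner.

```python
import pwd
import re

# One destination: a double-quoted string, or a run of text up to the next comma.
DEST = re.compile(r'"(?:[^"\\]|\\.)*"|[^,\s][^,]*')

def delivery_account(owner_uid, default_privs="nobody", recipient=None):
    """Account for external delivery, per the DELIVERY RIGHTS text quoted above."""
    if recipient is not None:      # user context: deliver as the receiving user
        return recipient
    if owner_uid == 0:             # superuser-owned file: default_privs applies
        return default_privs
    try:
        return pwd.getpwuid(owner_uid).pw_name
    except KeyError:               # owner uid has no passwd entry
        return "uid %d" % owner_uid

def logical_lines(text):
    """Drop blanks and comments; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_aliases(text, owner_uid, default_privs="nobody"):
    """Return (alias, destination, account) for each |command or /file/name."""
    account = delivery_account(owner_uid, default_privs)
    findings = []
    for line in logical_lines(text):
        name, _, rhs = line.partition(":")
        for dest in DEST.findall(rhs):
            dest = dest.strip().strip('"')
            if dest.startswith(("|", "/")):
                findings.append((name.strip(), dest, account))
    return findings

# Constructed sample aliases file, not taken from any real system.
SAMPLE = '''tickets: "|/usr/local/bin/ticket-intake --queue support"
archive: /var/mail/archive,
    alice
lists: :include:/etc/postfix/lists/staff
'''

if __name__ == "__main__":
    print(*audit_aliases(SAMPLE, owner_uid=0), sep="\n")   # 0 = owned by root
```

On a real host, pass the file's contents with `os.stat(path).st_uid` as `owner_uid` and the output of `postconf -h default_privs` as `default_privs`.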