I have a system in which the root user name is not root, which makes those "find -user root" commands spam false positives at postfix startup. It would be possible to change to "-user 0" instead, but that would generate false positives whenever there's a user named 0 in the system. In this system there's a -uid option in find (coreutils find), but I found that this option is not in the POSIX find manual, thus I assume it would break the script on BSD systems. (I didn't test this patch on such a system, though.)
The patch is a little clumsy and inefficient since it needs to exec ls for every file it finds, but there are not many of them and in my tests it didn't impact the overall startup time. I'm not very skilled at writing portable scripts, so if you know better, let me know. BR. -w
diff --git conf/postfix-script conf/postfix-script index c43d764fb..f894467aa 100755 --- conf/postfix-script +++ conf/postfix-script @@ -307,8 +307,12 @@ check-warn) # Check Postfix root-owned directory owner/permissions. find $queue_directory/. $queue_directory/pid \ - -prune ! -user root \ - -exec $WARN not owned by root: {} \; + -prune -exec ls -nd {} \; | + while read -r _ _ uid _ _ _ _ _ file; do + if [ $uid -nt 0 ]; then + $WARN not owned by root: $file + fi + done find $queue_directory/. $queue_directory/pid \ -prune \( -perm -020 -o -perm -002 \) \ @@ -324,8 +328,12 @@ check-warn) } todo=`echo "$todo" | tr ' ' '\12' | sort -u` - find $todo ! -user root \ - -exec $WARN not owned by root: {} \; + find $todo -exec ls -nd {} \; | + while read -r _ _ uid _ _ _ _ _ file; do + if [ $uid -eq 1 ]; then + $WARN not owned by root: $file + fi + done find $todo \( -perm -020 -o -perm -002 \) \ -exec $WARN group or other writable: {} \; @@ -371,8 +379,12 @@ check-warn) for dir in bin etc lib sbin usr do test -d $dir && { - find $dir ! -user root \ - -exec $WARN not owned by root: $queue_directory/{} \; + find $dir -exec ls -nd {} | + while read -r _ _ uid _ _ _ _ _ file; do + if [ $uid -nt 0 ]; then + $WARN not owned by root: $file + fi + done find $dir -type f -print | while read path do
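Review bot: In the first hunk (@@ -307,8 +307,12 @@), the test `[ $uid -nt 0 ]` uses `-nt`, which is the file "newer than" operator, not a numeric comparison, so it compares files named after the uid and `0` instead of checking ownership. It should be `[ "$uid" -ne 0 ]`. Also quote `"$file"` when passing it to $WARN, and note that reading `ls -nd` output by field position assumes nine whitespace-separated fields, which does not hold for names containing newlines or for device nodes that print major and minor numbers in place of a size.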
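Review bot: In the second hunk (@@ -324,8 +328,12 @@), the condition `[ $uid -eq 1 ]` inverts the check: it warns only for files owned by uid 1 and stays silent for every other non-root owner, whereas the removed `! -user root` warned on anything not owned by root. Use `[ "$uid" -ne 0 ]` here so the `$todo` files keep the same coverage, and quote `"$file"` in the $WARN call.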
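Review bot: In the third hunk (@@ -371,8 +379,12 @@), `find $dir -exec ls -nd {} |` is missing the `\;` terminator for `-exec`, so find will reject the command and no ownership check runs for the bin/etc/lib/sbin/usr directories. Add `\;` before the pipe, replace `-nt` with `-ne` as in the first hunk, and restore the `$queue_directory/` prefix in the warning, since the removed line printed `$queue_directory/{}` and the new one prints only the relative `$file`.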