On 2019-03-24 5:46 p.m., Wietse Venema wrote: > Simon Deziel: >> I can think of 2 ways to workaround this. One is to tell Apparmor to >> grant the tlsproxy process the needed capability and the other is to >> have the $queue_directory/private directory perms set to 0710 with the >> same owner/group. > > Sorry, changes to Postfix permissions are not supported. > > You are welcome to configure AppArmor etc. so that they will not > break legitimate operation of Postfix, but such configuration is > considered platform-specific, and outside the scope of Postfix.
Apparmor is what highlighted the reliance on capabilities that seemed avoidable with a group search bit on the private dir so I wanted to hear the opinion of experts. I'm well aware that adding Apparmor or diverging from the default perms means I'm on my own, sorry if that was off-topic for postfix-users@. Regards, Simon
