On Sun, Jan 02, 2022 at 08:10:06PM -0500, Ken Wright <daddywarl...@gmail.com> wrote:

> On Sun, 2022-01-02 at 19:40 -0500, Wietse Venema wrote:
> > Sorry, I mis-typed 'postqueue'.
> > 
> > Try this instead.
> > 
> > Here is what happens on my system.
> > 
> > As root:
> > 
> > # chmod g-s /usr/sbin/postqueue
> > # ls -l /usr/sbin/postqueue
> > -rwxr-xr-x 1 root postdrop 60072 Dec 23 18:08 /usr/sbin/postqueue
> 
> I got:
> 
> -r-xr-xr-x 1 root postdrop 22760 Sep  7 02:58 /usr/sbin/postqueue
> 
> > # chmod 777 /var/spool/postfix/public 
> > # ls -ld /var/spool/postfix/public /var/spool/postfix/public/showq
> > drwxrwxrwx. 2 postfix postdrop 4096 Jan  2 18:30 /var/spool/postfix/public
> > srw-rw-rw-  1 postfix postfix     0 Jan  2 18:30 /var/spool/postfix/public/showq
> 
> drwxrwsrwx 2 postfix postdrop 88 Jan  2 17:46 /var/spool/postfix/public
> srw-rw-rw- 1 postfix postdrop  0 Jan  2 17:46 /var/spool/postfix/public/showq
> 
> > # su wietse
> > 
> > As non-root:
> > 
> > wzv$ strace -e connect postqueue -p |& grep showq
> > connect(4, {sa_family=AF_UNIX, sun_path="public/showq"}, 110) = 0
> 
> -bash: syntax error near unexpected token `4,'
> 
> > wzv$ exit
> 
> wzv$: command not found

Note: The errors above are due to copying and pasting
the command prompt ("wzv$") and the strace output (i.e.
connect...) along with the commands themselves. Your
shell was trying to execute those things as though they
were shell commands, but they're not. You have to
execute only the actual commands:

  strace -e connect postqueue -p |& grep showq

and:

  exit

> > Back as root:
> > 
> > # chmod 710 /var/spool/postfix/public
> > # ls -ld /var/spool/postfix/public
> > drwx--x---. 2 postfix postdrop 4096 Jan  2 18:30 /var/spool/postfix/public
> 
> drwx--s--- 2 postfix postdrop 88 Jan  2 17:46 /var/spool/postfix/public
> 
> > # chmod g+s /usr/sbin/postqueue
> > # ls -l /usr/sbin/postqueue
> > -rwxr-sr-x 1 root postdrop 60072 Dec 23 18:08 /usr/sbin/postqueue
> 
> -r-xr-sr-x 1 root postdrop 22760 Sep  7 02:58 /usr/sbin/postqueue
> 
> 
> Are those missing write permissions the cause of my problems?
> 
> Ken

It doesn't look like it. My /var/spool/postfix/public
is also drwx--s--- so that group postdrop can access
things inside it, and postqueue is -r-xr-sr-x so it
runs as group postdrop.

Your permissions look correct. The usual reason for
correct permissions not working is, as Wietse said,
AppArmor or SELinux getting in the way.

If you installed auditd, and then examined
/var/log/audit/* to see what AppArmor is blocking, and
found nothing at all that might be Postfix-related,
then it's a mystery. SELinux logs go into /var/log/audit/*
as well, but its logs use lower case "denied" rather than
upper case "DENIED" like AppArmor does, so check for that
as well. But you'd probably know if SELinux was active.

good luck,
raf
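
Added example, not part of the original message: one way to run the audit-log check described above, separating AppArmor "DENIED" records from SELinux "denied" records that mention Postfix. The function names, the keyword list and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify audit-log denials that mention Postfix.
# Assumptions: audit records are plain text, one per line; the keyword
# list (postfix, postqueue, postdrop, showq) is illustrative only.

# postfix_denials [FILE...]  (reads stdin when no file is given)
# Prints "apparmor: <record>" or "selinux: <record>" per matching line.
postfix_denials() {
    awk '
        # Keep only records naming a Postfix program, group or socket.
        !/postfix|postqueue|postdrop|showq/ { next }
        # AppArmor writes apparmor="DENIED" in upper case.
        /apparmor="DENIED"/ { print "apparmor: " $0; next }
        # SELinux writes "avc:  denied" in lower case. AppArmor records
        # also carry a lower-case denied_mask= field, so a bare search
        # for "denied" would mix the two; require the "avc:" prefix.
        /avc:[ ]+denied/ { print "selinux: " $0 }
    ' "$@"
}

# Constructed sample records (not taken from a real system).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1641170766.101:201): apparmor="DENIED" operation="connect" profile="/usr/sbin/postqueue" name="/var/spool/postfix/public/showq" pid=4242 comm="postqueue" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=111
type=AVC msg=audit(1641170766.205:202): avc:  denied  { connectto } for  pid=4243 comm="postqueue" path="/var/spool/postfix/public/showq" scontext=user_u:user_r:user_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=unix_stream_socket permissive=0
type=AVC msg=audit(1641170767.310:203): apparmor="ALLOWED" operation="open" profile="/usr/sbin/postqueue" name="/etc/postfix/main.cf" pid=4242 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1641170768.415:204): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
EOF
}

# Demo on the sample. On a real host, as root:
#   postfix_denials /var/log/audit/*
sample_audit_log | postfix_denials
```

An empty result on a real log means neither AppArmor nor SELinux recorded a denial against the listed names, which is the "mystery" case above.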
