bugfix: special bits for maildrop and public directory #3149
After changing the group, special bits are lost, but they should be set for the directories `/var/spool/postfix/{maildrop,public}`, otherwise you see the following error:

```
postfix/postdrop[17400]: warning: mail_queue_enter: create file maildrop/729504.17400: Permission denied
```

This page: https://linux.m2osw.com/snapwebsites-postfixpostdrop18189-warning-mailqueueenter-create-file-maildrop25937318189-permission provides the solution to restoring the correct permissions.
How does EDIT: This was from me recalling removing They're explained in Postfix docs for anyone curious:
For reference Perhaps see if it works with
I found this mailing list discussion from 8 years ago which directs us to
A long time ago there was a Postfix release announcement (2002) that mentioned No

```
$ chgrp amavis /var/spool/postfix/{maildrop,public}
$ stat -c '%a %A %n' /var/spool/postfix/{maildrop,public}
1730 drwx-wx--T /var/spool/postfix/maildrop
2710 drwx--s--- /var/spool/postfix/public
$ ls -l /var/spool/postfix/ | grep -E 'maildrop|public'
drwx-wx--T 1 postfix amavis 6 Mar 5 03:03 maildrop
drwx--s--- 1 postfix amavis 110 Mar 5 03:28 public
```

I looked into why, and it turns out that this is due to a syscall, so is dependent upon the kernel rather than anything we control within the container 🤔
I'm having trouble finding a source on the proposed I did find plenty of users reporting
Officially Postfix source seems to imply:

- `730` for `maildrop/` (_but has mentioned a sticky bit in the past, set-gid bit only for the postdrop binary involved_)
- `710` for `public/`, which like `maildrop/` has the same group that needs SGID, that is `postdrop`.

SGID special bit on `public/` doesn't seem necessary, but left as-is to match Debian default.
LGTM 👍
I've also included a reference to this PR since refactoring efforts have not made `git blame` hunting a fun time 😅
Plenty of resources linked in this PR discussion to provide additional clarity (like the syscall gotcha) just in case future maintainers thought it was no longer needed 😅
Fix seems to be working on my setup ❤️ - I will monitor it though :)
Turns out this issue was caused by
This is a blocker for v12.0.0.
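A drift check for the two directory modes shown in the thread's `stat` output (`1730` for `maildrop`, `2710` for `public`), as an added example that is not part of this PR or the project's code. The function names and the spool-path argument are assumptions, and `stat -c` requires GNU or BusyBox `stat`.

```shell
#!/bin/sh
# Added example (not from the PR): audit and repair the special bits on the
# Postfix queue directories after a chgrp. Function names are hypothetical.
# Expected modes are the ones in the stat output quoted in the thread.
# Usage: audit_spool /var/spool/postfix || repair_spool /var/spool/postfix

# Print "name:mode" pairs, one per line.
expected_modes() {
    printf '%s\n' 'maildrop:1730' 'public:2710'
}

# audit_spool SPOOL_DIR
# Prints one line per problem. Returns 0 when both modes match,
# 1 on mode drift, 2 when a directory is missing.
audit_spool() {
    spool=$1
    rc=0
    for pair in $(expected_modes); do
        name=${pair%%:*}
        want=${pair##*:}
        dir=$spool/$name
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"
            rc=2
            continue
        fi
        have=$(stat -c '%a' "$dir")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $dir have=$have want=$want"
            if [ "$rc" -eq 0 ]; then rc=1; fi
        fi
    done
    return "$rc"
}

# repair_spool SPOOL_DIR
# Re-applies the expected modes, then re-audits. The re-audit matters:
# GNU chmod keeps an existing setgid bit on a directory under a 4-digit
# numeric mode, so a stray bit would still be reported as drift.
repair_spool() {
    spool=$1
    for pair in $(expected_modes); do
        chmod "${pair##*:}" "$spool/${pair%%:*}" || return 2
    done
    audit_spool "$spool"
}
```

Running the audit right after any `chgrp` step makes the kernel-dependent behaviour mentioned in the thread visible instead of surfacing later as a `postdrop` permission error.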