Message ID | 20191021150616.16033-1-alialnu@mellanox.com |
---|---|
State | Accepted |
Headers | show |
Series | docs: Fix note about the required Postfix rights | expand |
Hi Ali, > The permissions for the user running the postfix process are > not the ones used for external file or command delivery by default. > The ones defined by default_privs are (in case the aliases(5) file > that is owned by root was being used). A privileged user or the > postfix owner should not be used in this case. > > See http://www.postfix.org/postconf.5.html#default_privs and > local(8). > > Signed-off-by: Ali Alnubani <alialnu@mellanox.com> > --- > docs/deployment/installation.rst | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/docs/deployment/installation.rst b/docs/deployment/installation.rst > index c086d9a..cd5e102 100644 > --- a/docs/deployment/installation.rst > +++ b/docs/deployment/installation.rst > @@ -617,11 +617,11 @@ they can be loaded as seen below: > > .. note:: > > - This assumes your Postfix process is running as the ``nobody`` user. If > - this is not correct (use of ``postfix`` user is also common), you should > - change both the username in the ``createuser`` command above and substitute > - the username in the ``grant-all-postgres.sql`` script with the appropriate > - alternative. > + This assumes that you are using the aliases(5) file that is owned by root, > + and that Postfix's ``default_privs`` configuration is set as ``nobody``. If > + this is not the case, you should change both the username in the ``createuser`` > + command above and substitute the username in the ``grant-all-postgres.sql`` > + script with the appropriate alternative. > I think this is now the third time I've tried to review this, and I think it's finally starting to make sense. Is there any way local(8) could be invoked with a user other than the one specified in default_privs? btw, it should be grant-all.postgres.sql (a . not a - between all and postgres) but if this doesn't need a respin I can fix that when I apply it. Regards, Daniel > __ http://www.postfix.org/ > > -- > 2.11.0 > > _______________________________________________ > Patchwork mailing list > Patchwork@lists.ozlabs.org > https://lists.ozlabs.org/listinfo/patchwork
Hi Daniel, > -----Original Message----- > From: Daniel Axtens <dja@axtens.net> > Sent: Tuesday, October 29, 2019 8:06 AM > To: Ali Alnubani <alialnu@mellanox.com>; patchwork@lists.ozlabs.org > Cc: Thomas Monjalon <thomas@monjalon.net> > Subject: Re: [PATCH] docs: Fix note about the required Postfix rights > > Hi Ali, > > > The permissions for the user running the postfix process are not the > > ones used for external file or command delivery by default. > > The ones defined by default_privs are (in case the aliases(5) file > > that is owned by root was being used). A privileged user or the > > postfix owner should not be used in this case. > > > > See http://www.postfix.org/postconf.5.html#default_privs and local(8). > > > > Signed-off-by: Ali Alnubani <alialnu@mellanox.com> > > --- > > docs/deployment/installation.rst | 10 +++++----- > > 1 file changed, 5 insertions(+), 5 deletions(-) > > > > diff --git a/docs/deployment/installation.rst > > b/docs/deployment/installation.rst > > index c086d9a..cd5e102 100644 > > --- a/docs/deployment/installation.rst > > +++ b/docs/deployment/installation.rst > > @@ -617,11 +617,11 @@ they can be loaded as seen below: > > > > .. note:: > > > > - This assumes your Postfix process is running as the ``nobody`` user. If > > - this is not correct (use of ``postfix`` user is also common), you should > > - change both the username in the ``createuser`` command above and > substitute > > - the username in the ``grant-all-postgres.sql`` script with the appropriate > > - alternative. > > + This assumes that you are using the aliases(5) file that is owned by root, > > + and that Postfix's ``default_privs`` configuration is set as ``nobody``. If > > + this is not the case, you should change both the username in the > ``createuser`` > > + command above and substitute the username in the ``grant-all- > postgres.sql`` > > + script with the appropriate alternative. > > > > I think this is now the third time I've tried to review this, and I think it's finally > starting to make sense. > > Is there any way local(8) could be invoked with a user other than the one > specified in default_privs? Yes. It's possible with user-level aliasing. You can create an aliases file that is owned by that user and added to alias_maps, or use the default forward_path (usually $home/.forward) http://www.postfix.org/local.8.html http://www.postfix.org/postconf.5.html#forward_path > > btw, it should be grant-all.postgres.sql (a . not a - between all and > postgres) but if this doesn't need a respin I can fix that when I apply it. Thanks. Regards, Ali
On Tue, 2019-10-29 at 08:08 +0000, Ali Alnubani wrote: > Hi Daniel, > > > -----Original Message----- > > From: Daniel Axtens <dja@axtens.net> > > Sent: Tuesday, October 29, 2019 8:06 AM > > To: Ali Alnubani <alialnu@mellanox.com>; patchwork@lists.ozlabs.org > > Cc: Thomas Monjalon <thomas@monjalon.net> > > Subject: Re: [PATCH] docs: Fix note about the required Postfix rights > > > > Hi Ali, > > > > > The permissions for the user running the postfix process are not the > > > ones used for external file or command delivery by default. > > > The ones defined by default_privs are (in case the aliases(5) file > > > that is owned by root was being used). A privileged user or the > > > postfix owner should not be used in this case. > > > > > > See http://www.postfix.org/postconf.5.html#default_privs and local(8). > > > > > > Signed-off-by: Ali Alnubani <alialnu@mellanox.com> > > > --- > > > docs/deployment/installation.rst | 10 +++++----- > > > 1 file changed, 5 insertions(+), 5 deletions(-) > > > > > > diff --git a/docs/deployment/installation.rst > > > b/docs/deployment/installation.rst > > > index c086d9a..cd5e102 100644 > > > --- a/docs/deployment/installation.rst > > > +++ b/docs/deployment/installation.rst > > > @@ -617,11 +617,11 @@ they can be loaded as seen below: > > > > > > .. note:: > > > > > > - This assumes your Postfix process is running as the ``nobody`` user. If > > > - this is not correct (use of ``postfix`` user is also common), you should > > > - change both the username in the ``createuser`` command above and > > substitute > > > - the username in the ``grant-all-postgres.sql`` script with the appropriate > > > - alternative. > > > + This assumes that you are using the aliases(5) file that is owned by root, > > > + and that Postfix's ``default_privs`` configuration is set as ``nobody``. If > > > + this is not the case, you should change both the username in the > > ``createuser`` > > > + command above and substitute the username in the ``grant-all- > > postgres.sql`` > > > + script with the appropriate alternative. > > > > > > > I think this is now the third time I've tried to review this, and I think it's finally > > starting to make sense. > > > > Is there any way local(8) could be invoked with a user other than the one > > specified in default_privs? > > Yes. It's possible with user-level aliasing. You can create an aliases file that is owned by that user and added to alias_maps, or use the default forward_path (usually $home/.forward) > http://www.postfix.org/local.8.html > http://www.postfix.org/postconf.5.html#forward_path > > > btw, it should be grant-all.postgres.sql (a . not a - between all and > > postgres) but if this doesn't need a respin I can fix that when I apply it. ngl, this doesn't make a whole lot of sense to me, but I trust that you've done your homework on this and that it's based on hard earned experience :) Reviewed-by: Stephen Finucane <stephen@that.guru> and applied (with the change noted by Daniel). > Thanks. > > Regards, > Ali
Stephen Finucane <stephen@that.guru> writes: > On Tue, 2019-10-29 at 08:08 +0000, Ali Alnubani wrote: >> Hi Daniel, >> >> > -----Original Message----- >> > From: Daniel Axtens <dja@axtens.net> >> > Sent: Tuesday, October 29, 2019 8:06 AM >> > To: Ali Alnubani <alialnu@mellanox.com>; patchwork@lists.ozlabs.org >> > Cc: Thomas Monjalon <thomas@monjalon.net> >> > Subject: Re: [PATCH] docs: Fix note about the required Postfix rights >> > >> > Hi Ali, >> > >> > > The permissions for the user running the postfix process are not the >> > > ones used for external file or command delivery by default. >> > > The ones defined by default_privs are (in case the aliases(5) file >> > > that is owned by root was being used). A privileged user or the >> > > postfix owner should not be used in this case. >> > > >> > > See http://www.postfix.org/postconf.5.html#default_privs and local(8). >> > > >> > > Signed-off-by: Ali Alnubani <alialnu@mellanox.com> >> > > --- >> > > docs/deployment/installation.rst | 10 +++++----- >> > > 1 file changed, 5 insertions(+), 5 deletions(-) >> > > >> > > diff --git a/docs/deployment/installation.rst >> > > b/docs/deployment/installation.rst >> > > index c086d9a..cd5e102 100644 >> > > --- a/docs/deployment/installation.rst >> > > +++ b/docs/deployment/installation.rst >> > > @@ -617,11 +617,11 @@ they can be loaded as seen below: >> > > >> > > .. note:: >> > > >> > > - This assumes your Postfix process is running as the ``nobody`` user. If >> > > - this is not correct (use of ``postfix`` user is also common), you should >> > > - change both the username in the ``createuser`` command above and >> > substitute >> > > - the username in the ``grant-all-postgres.sql`` script with the appropriate >> > > - alternative. >> > > + This assumes that you are using the aliases(5) file that is owned by root, >> > > + and that Postfix's ``default_privs`` configuration is set as ``nobody``. If >> > > + this is not the case, you should change both the username in the >> > ``createuser`` >> > > + command above and substitute the username in the ``grant-all- >> > postgres.sql`` >> > > + script with the appropriate alternative. >> > > >> > >> > I think this is now the third time I've tried to review this, and I think it's finally >> > starting to make sense. >> > >> > Is there any way local(8) could be invoked with a user other than the one >> > specified in default_privs? >> >> Yes. It's possible with user-level aliasing. You can create an aliases file that is owned by that user and added to alias_maps, or use the default forward_path (usually $home/.forward) >> http://www.postfix.org/local.8.html >> http://www.postfix.org/postconf.5.html#forward_path >> >> > btw, it should be grant-all.postgres.sql (a . not a - between all and >> > postgres) but if this doesn't need a respin I can fix that when I apply it. > > ngl, this doesn't make a whole lot of sense to me, but I trust that > you've done your homework on this and that it's based on hard earned > experience :) Yeah, I was contemplating a slightly wider-ranging rewrite but could never quite put pen to paper on how to do it. I agree that just apply it is the way to go. > > Reviewed-by: Stephen Finucane <stephen@that.guru> > > and applied (with the change noted by Daniel). > >> Thanks. >> >> Regards, >> Ali
diff --git a/docs/deployment/installation.rst b/docs/deployment/installation.rst index c086d9a..cd5e102 100644 --- a/docs/deployment/installation.rst +++ b/docs/deployment/installation.rst @@ -617,11 +617,11 @@ they can be loaded as seen below: .. note:: - This assumes your Postfix process is running as the ``nobody`` user. If - this is not correct (use of ``postfix`` user is also common), you should - change both the username in the ``createuser`` command above and substitute - the username in the ``grant-all-postgres.sql`` script with the appropriate - alternative. + This assumes that you are using the aliases(5) file that is owned by root, + and that Postfix's ``default_privs`` configuration is set as ``nobody``. If + this is not the case, you should change both the username in the ``createuser`` + command above and substitute the username in the ``grant-all-postgres.sql`` + script with the appropriate alternative. __ http://www.postfix.org/
The permissions for the user running the postfix process are not the ones used for external file or command delivery by default. The ones defined by default_privs are (in case the aliases(5) file that is owned by root was being used). A privileged user or the postfix owner should not be used in this case. See http://www.postfix.org/postconf.5.html#default_privs and local(8). Signed-off-by: Ali Alnubani <alialnu@mellanox.com> --- docs/deployment/installation.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)