From patchwork Mon Oct 21 15:06:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ali Alnubani X-Patchwork-Id: 1180692 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46xgCZ45vnz9sP3 for ; Tue, 22 Oct 2019 02:14:18 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=mellanox.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=Mellanox.com header.i=@Mellanox.com header.b="sQFBVQbu"; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 46xgCZ09mqzDr1S for ; Tue, 22 Oct 2019 02:14:18 +1100 (AEDT) X-Original-To: patchwork@lists.ozlabs.org Delivered-To: patchwork@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=mellanox.com (client-ip=40.107.7.81; helo=eur04-he1-obe.outbound.protection.outlook.com; envelope-from=alialnu@mellanox.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=mellanox.com Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=Mellanox.com header.i=@Mellanox.com header.b="sQFBVQbu"; dkim-atps=neutral Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70081.outbound.protection.outlook.com [40.107.7.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 46xg2c04CzzDqvy for ; Tue, 22 Oct 2019 02:06:30 +1100 (AEDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QJrp7C73PQURgy0U4JdUejxxogAimIxIIwSbm8MsZgRbBCdJHhc6uzAPIJT7zpHod/4zVvKWqWLGoOiLgy0wWMX1TxZWS3SxtLjT8WuK9Q12lwv40inaIY4bT0d+r/GWjsxrR6GZVFiE9Im3M9OA86429f9LrAGmgk5yrrEemwi6LO1+1bSCYYZVwaKhUvRhoApXb8IlaGr5pLi5Fx62r43Fy/BxDZiIt2T1E3M/d3+HobizSX2kLHCYLH7JJf4ihbDoHmWMlBlvpJRk6W0hH2FVvnEga37vT2sU/MKx9sDRuNGKQxbx0Imw+nWyCOqYpIcbka7kQSVmH4VCmh6Z9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bS4XmicCZU496wWixiGrJG3FlD/8moTd9IruOAbpSMQ=; b=bnYV527PcL6SDj1j+7e6IT5F+lvznQczC0cbVWK/Pi+sfYiAOlKlxRHUEi7mtx+2HX1wkyuquDvKl8/B3YJEJk1D56u3Aa8z8Bm+GB0HK52XxhRDlby2M8mj0sEZrB0qp+oHk1XDD3FxJiPCiLeIq8eVk4mnAgtnJSy/y4uan5yZy4zHom1ItVm2O9N60NXmhrRCgzul7yygPueFfX5T+DdrTWNeVz4yLO9vbS+hEKe23brvttylLAYALG3MlaGx2iFLZ5YgvwEZ5cKY3Om+hjtqz7joXbo7Dkk1E9Wjny7wu4Yc9N5I2g1adGvZaU5MsNbihK5H8vNlD1Tejyg9AA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mellanox.com; dmarc=pass action=none header.from=mellanox.com; dkim=pass header.d=mellanox.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bS4XmicCZU496wWixiGrJG3FlD/8moTd9IruOAbpSMQ=; b=sQFBVQbu9A8t0TjuGSZpTyN1U163rhG5BaFxNB8eBWxZBLdzC+2AEgA+3vGrE5XwIZTPFYO/+wo9VxPdLL6PX9HcjczFwL7l77GZETGaUJSq4zD0DsOmr2vNzARaqvY8+G9WFcZcUBvSIOQzHdfv9RrZEJ5l6Xd4QX/bsNKDb6g= Received: from AM0PR05MB4401.eurprd05.prod.outlook.com (52.134.124.20) by AM0PR05MB4626.eurprd05.prod.outlook.com (52.133.57.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.22; Mon, 21 Oct 2019 15:06:25 +0000 Received: from AM0PR05MB4401.eurprd05.prod.outlook.com ([fe80::6038:6339:d88e:e9d]) by AM0PR05MB4401.eurprd05.prod.outlook.com ([fe80::6038:6339:d88e:e9d%7]) with mapi id 15.20.2347.029; Mon, 21 Oct 2019 15:06:24 +0000 From: Ali Alnubani To: "patchwork@lists.ozlabs.org" Subject: [PATCH] docs: Fix note about the required Postfix rights Thread-Topic: [PATCH] docs: Fix note about the required Postfix rights Thread-Index: AQHViCEbMP2sueFbTkiD8rODLOaSyQ== Date: Mon, 21 Oct 2019 15:06:24 +0000 Message-ID: <20191021150616.16033-1-alialnu@mellanox.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.11.0 x-clientproxiedby: PR2PR09CA0004.eurprd09.prod.outlook.com (2603:10a6:101:16::16) To AM0PR05MB4401.eurprd05.prod.outlook.com (2603:10a6:208:62::20) authentication-results: spf=none (sender IP is ) smtp.mailfrom=alialnu@mellanox.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [95.142.172.178] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 445b02f9-e771-40d4-dd35-08d756383d8e x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: AM0PR05MB4626: x-ms-exchange-purlcount: 2 x-ld-processed: a652971c-7d2e-4d9b-a6a4-d149256f461b,ExtAddr x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5797; x-forefront-prvs: 0197AFBD92 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(136003)(366004)(39860400002)(346002)(376002)(199004)(189003)(102836004)(26005)(36756003)(186003)(2501003)(6436002)(6486002)(3846002)(71200400001)(966005)(316002)(6916009)(478600001)(52116002)(71190400001)(6116002)(256004)(6306002)(99286004)(2906002)(64756008)(66446008)(66476007)(66556008)(5640700003)(6506007)(386003)(66946007)(4326008)(486006)(50226002)(86362001)(1730700003)(25786009)(81156014)(81166006)(6512007)(476003)(54906003)(66066001)(14454004)(2351001)(2616005)(8936002)(305945005)(1076003)(7736002)(5660300002)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR05MB4626; H:AM0PR05MB4401.eurprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Vf/0Twla+1Ikekv4e7SCsaEeqfPenqdqkKe+NikgVjy9hypRz4roRy+R482N8n6vlf3ZAF8RKZDHT3DT2Wh9JyMEpc5VuNN9mCeHIPNWEuTuNKLpDKNV2nC/O7v8Eh2iGbVSK88uy6u/+Ri5ZouEZ+LbUJMMIZ96ApWTmGQLjnrOEX1UREacql2K3ZacPczE4+Zn2Zfc3bLqlnRt5941vVDEGNrRF0zG9oWFaQFn3Tfdic6SYdYxZJSIkHTJyDemqCXD6pId2mdK6DHNtmSYEX94Y4czGZh2S2aN/MGIxss3Il7Tovnkn9+LzHl6pFt4jdCIUuLxk7LNx6TVypD36s3qfjy3XXv6IKo3nR1T0s+7AbdklYOrNiCXWpMusQ/0Veqn+7pqLSqKelNYZanmq+kXRfO/eBozENl5riPYeEwJZlk6JJGRa9bCefBbJVK+W3/SXziQXsfH7ZNuK1a4ZA== x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-Network-Message-Id: 445b02f9-e771-40d4-dd35-08d756383d8e X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2019 15:06:24.8873 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: QQN/v6aNjqdiU/DfZlGs4Gb2q0oZ0LyvUWS/joFjFm/HAa1LwDxPuiGcEVTXs4a5HEPCsJhDuu95y/fPG36Z+w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR05MB4626 X-BeenThere: patchwork@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Patchwork development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Thomas Monjalon Errors-To: patchwork-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Patchwork" The permissions for the user running the postfix process are not the ones used for external file or command delivery by default. The ones defined by default_privs are (in case the aliases(5) file that is owned by root was being used). A privileged user or the postfix owner should not be used in this case. See http://www.postfix.org/postconf.5.html#default_privs and local(8). Signed-off-by: Ali Alnubani Reviewed-by: Stephen Finucane --- docs/deployment/installation.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/deployment/installation.rst b/docs/deployment/installation.rst index c086d9a..cd5e102 100644 --- a/docs/deployment/installation.rst +++ b/docs/deployment/installation.rst @@ -617,11 +617,11 @@ they can be loaded as seen below: .. note:: - This assumes your Postfix process is running as the ``nobody`` user. If - this is not correct (use of ``postfix`` user is also common), you should - change both the username in the ``createuser`` command above and substitute - the username in the ``grant-all-postgres.sql`` script with the appropriate - alternative. + This assumes that you are using the aliases(5) file that is owned by root, + and that Postfix's ``default_privs`` configuration is set as ``nobody``. If + this is not the case, you should change both the username in the ``createuser`` + command above and substitute the username in the ``grant-all-postgres.sql`` + script with the appropriate alternative. __ http://www.postfix.org/