Changing permissions of postfixs "local"

David Kempe dave at
Wed Dec 13 21:18:18 UTC 2006

Hi Ingo,
You don't need to do that.
Just make a seperate file for the nagios alias and make it owned by the 
correct user and group. Postfix local agent should then deliver mail 
with the perms of the alias file.
 From man 8 local:

       Deliveries to external files  and  external  commands  are
       made with the rights of the receiving user on whose behalf
       the delivery is made.  In the absence of a  user  context,
       the *local*(8) <> daemon uses the owner rights of the *:include:*
       file or alias database.  When those files are owned by the
       superuser, delivery is made with the rights specified with
       the *default_privs <>* configuration parameter.

I have done this before for this exact problem and it works fine


Ingo Lantschner wrote:
> Hello,
> I am using Ubuntu Server 6.06 as base os for a Nagios systemmonitor. 
> Yesterday I was looking for a way to feed alerts send as emails from 
> RAID-controllers like 3ware. First it was quite simple: Adding a line to 
> /etc/aliases
> nagios: "|/usr/local/nagios/libexec/eventhandlers/handle-RAID-mail"
> Writing the script was not the problem, but the permissions were. Nagios 
> uses a pipe which is for obvious reasons not writable by nobody:nogroup.
> In order to get around this problem I changed the user runing "local":
> $ sudo postconf -e default_privs=nagios
> Now the emails go straight into Nagios.
> BUT: What are the security implications of tampering with the 
> permissions of postfix? Any input is welcome - tia Ingo.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ubuntu-server mailing list