Changing permissions of postfixs "local"
David Kempe
dave at solutionsfirst.com.au
Wed Dec 13 21:18:18 UTC 2006
Hi Ingo,
You don't need to do that.
Just make a seperate file for the nagios alias and make it owned by the
correct user and group. Postfix local agent should then deliver mail
with the perms of the alias file.
From man 8 local:
*DELIVERY RIGHTS*
Deliveries to external files and external commands are
made with the rights of the receiving user on whose behalf
the delivery is made. In the absence of a user context,
the *local*(8) <http://www.postfix.org/local.8.html> daemon uses the owner rights of the *:include:*
file or alias database. When those files are owned by the
superuser, delivery is made with the rights specified with
the *default_privs <http://www.postfix.org/postconf.5.html#default_privs>* configuration parameter.
I have done this before for this exact problem and it works fine
dave
Ingo Lantschner wrote:
> Hello,
> I am using Ubuntu Server 6.06 as base os for a Nagios systemmonitor.
> Yesterday I was looking for a way to feed alerts send as emails from
> RAID-controllers like 3ware. First it was quite simple: Adding a line to
> /etc/aliases
> nagios: "|/usr/local/nagios/libexec/eventhandlers/handle-RAID-mail"
>
> Writing the script was not the problem, but the permissions were. Nagios
> uses a pipe which is for obvious reasons not writable by nobody:nogroup.
>
> In order to get around this problem I changed the user runing "local":
> $ sudo postconf -e default_privs=nagios
>
> Now the emails go straight into Nagios.
>
> BUT: What are the security implications of tampering with the
> permissions of postfix? Any input is welcome - tia Ingo.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20061214/85e0a0fc/attachment.html>
More information about the ubuntu-server
mailing list