Changing permissions of postfixs "local"

[Ingo Lantschner]

Hi David,

David Kempe schrieb:
> Just make a seperate file for the nagios alias and make it owned by the 
> correct user and group. Postfix local agent should then deliver mail 
> with the perms of the alias file.
Great, thanks a lot. I just tried it this way and it works. Thanks a lot!

>  From man 8 local:
> 
> *DELIVERY RIGHTS*
>        Deliveries to external files  and  external  commands  are
>        made with the rights of the receiving user on whose behalf
>        the delivery is made.  In the absence of a  user  context,
>        the *local*(8) <http://www.postfix.org/local.8.html> daemon uses the owner rights of the *:include:*
>        file or alias database.  When those files are owned by the
>        superuser, delivery is made with the rights specified with
>        the *default_privs <http://www.postfix.org/postconf.5.html#default_privs>* configuration parameter.

There is one thing I dont understand even after reading it several 
times: If deliveries are made with the rights of the receiving user 
(=nagios), why do I get this error:
postfix/local[7570]:  to=<nagios at nagiosalert.xxx.net>, relay=local, 
delay=3, status=bounced (Command died with status 1: 
"/usr/local/nagios/libexec/eventhandlers/handle-RAID-mail". Command 
output: local: fatal: execvp 
/usr/local/nagios/libexec/eventhandlers/handle-RAID-mail: Permission 
denied )

The line in /etc/aliases is:
nagios: "|/usr/local/nagios/libexec/eventhandlers/handle-RAID-mail"

this points to:
-rwxrwxr-- 1 nagios admin  handle-RAID-mail

which calls:
-rwxrwxr-- 1 nagios admin  submit_check_result

which outputs to:
prw-rw---- 1 nagios nagcmd nagios.cmd

In my understanding it should have been delivered, w/o making an extra 
aliases-file, since the receiving user has rw(x) on all files in the 
chain. My misunderstanding or wrong documentation?

Anyway, the concrete problem has been solved, thanks again - also to 
Daniel and Paul for there really interesting suggestions - regards, Ingo.