Changing permissions of postfixs "local"
Ingo Lantschner
ingo.lists at vum.at
Thu Dec 14 08:55:53 UTC 2006
Hi David,
David Kempe schrieb:
> Just make a seperate file for the nagios alias and make it owned by the
> correct user and group. Postfix local agent should then deliver mail
> with the perms of the alias file.
Great, thanks a lot. I just tried it this way and it works. Thanks a lot!
> From man 8 local:
>
> *DELIVERY RIGHTS*
> Deliveries to external files and external commands are
> made with the rights of the receiving user on whose behalf
> the delivery is made. In the absence of a user context,
> the *local*(8) <http://www.postfix.org/local.8.html> daemon uses the owner rights of the *:include:*
> file or alias database. When those files are owned by the
> superuser, delivery is made with the rights specified with
> the *default_privs <http://www.postfix.org/postconf.5.html#default_privs>* configuration parameter.
There is one thing I dont understand even after reading it several
times: If deliveries are made with the rights of the receiving user
(=nagios), why do I get this error:
postfix/local[7570]: to=<nagios at nagiosalert.xxx.net>, relay=local,
delay=3, status=bounced (Command died with status 1:
"/usr/local/nagios/libexec/eventhandlers/handle-RAID-mail". Command
output: local: fatal: execvp
/usr/local/nagios/libexec/eventhandlers/handle-RAID-mail: Permission
denied )
The line in /etc/aliases is:
nagios: "|/usr/local/nagios/libexec/eventhandlers/handle-RAID-mail"
this points to:
-rwxrwxr-- 1 nagios admin handle-RAID-mail
which calls:
-rwxrwxr-- 1 nagios admin submit_check_result
which outputs to:
prw-rw---- 1 nagios nagcmd nagios.cmd
In my understanding it should have been delivered, w/o making an extra
aliases-file, since the receiving user has rw(x) on all files in the
chain. My misunderstanding or wrong documentation?
Anyway, the concrete problem has been solved, thanks again - also to
Daniel and Paul for there really interesting suggestions - regards, Ingo.
More information about the ubuntu-server
mailing list