postfix-users October 2010 archive

Re: Extra permissions restrictions with pipe commands?

From: Wietse Venema <wietse_at_nospam>
Date: Fri Oct 15 2010 - 21:37:11 GMT
To: Postfix users <postfix-users@postfix.org>

Andy Theuninck:
> I'm trying to write a python script that accepts input from pipe. I'm
> encountering permission issues that I don't understand.
>
> According to postfix's configuration, pipe commands are run as
> nobody:nobody. Logging from my script to /tmp confirms this is
> the case.

Hello, I wrote most of Postfix.

Postfix uses nobody:nobody privileges for commands in the system
aliases file (which should be owned by root).

You can request the same nobody:nobody privileges with the pipe(8)
delivery agent (user=nobody:nobody).

> When my script is called by postfix, I get permission errors when
> writing certain file locations. If I run the same script as
> nobody:nobody via sudo, those errors do not occur.

That seems broken: nobody:nobody should have the same rights as
nobody:nobody regardless of how the privileges are set. However,
see below for more.

> I am not using chroot for any part of postfix. It seems like some kind
> of group restriction is being layered on top. Through experimentation

Some Linux systems helpfully restrict the things that Postfix may
do with SELinux, AppArmor, Systrace, and whatnot. Such systems do not
provide the system call semantics that Postfix expects.

        Wietse
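
A diagnostic for the situation discussed in this thread, added here as an example and not part of the original messages: it records the uid/gid, supplementary groups, umask and SELinux/AppArmor label of the running process, so a run under pipe(8) can be compared with a run under sudo. The script name `credsnap.py`, its arguments and the use of `/proc/self/attr/current` (Linux only) are assumptions of this example.

```python
#!/usr/bin/env python3
"""credsnap.py (hypothetical name): record what a pipe(8) command runs as."""
import json
import os
import sys

def read_lsm_context(path="/proc/self/attr/current"):
    """Return this process's SELinux/AppArmor label, or None if unavailable."""
    try:
        with open(path, "rb") as fh:
            label = fh.read().rstrip(b"\x00\n").decode("ascii", "replace")
    except OSError:
        return None  # not Linux, or no security module exposes a label
    return label or None

def snapshot():
    """Collect the process attributes that decide whether a write succeeds."""
    mask = os.umask(0)  # the umask can only be read by setting it...
    os.umask(mask)      # ...so restore it immediately
    return {
        "uid": os.getuid(), "euid": os.geteuid(),
        "gid": os.getgid(), "egid": os.getegid(),
        "groups": sorted(os.getgroups()),  # supplementary groups
        "umask": oct(mask),
        "lsm_context": read_lsm_context(),
    }

def diff_snapshots(a, b):
    """Return {attribute: (a_value, b_value)} for every attribute that differs."""
    keys = sorted(set(a) | set(b))
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # credsnap.py A.json B.json -> print differences
        with open(sys.argv[1]) as fa, open(sys.argv[2]) as fb:
            changed = diff_snapshots(json.load(fa), json.load(fb))
        for key, (left, right) in changed.items():
            print(f"{key}: {left!r} != {right!r}")
        sys.exit(1 if changed else 0)
    elif len(sys.argv) == 2:  # credsnap.py OUT.json -> save one snapshot
        if not sys.stdin.isatty():
            sys.stdin.buffer.read()  # drain the piped message, unused here
        with open(sys.argv[1], "w") as out:
            json.dump(snapshot(), out)
    else:
        sys.exit("usage: credsnap.py OUT.json | credsnap.py A.json B.json")
```

Save one snapshot from the pipe(8) command and one from the sudo run, then compare the two files; a difference in `groups` or `lsm_context` with identical uid/gid points at supplementary groups or a mandatory access control policy rather than at the nobody:nobody setting.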