Re: mail/postfix: insufficient permissions for var/spool/postfix/...

[Frédéric Fauberteau <triaxx%NetBSD.org@localhost>]

Le 2020-01-23 13:34, Matthias Ferdinand a écrit :
> Hi,
>
> since several months there are postfix spool dir permission problems 
> after
> package upgrades (pkgsrc-current, Ubuntu 14.04, Ubuntu 18.04, and an
> extremely old SuSE system).
>
> They show e.g. at the start of the daemon:
>
>     postfix/postfix-script: warning: not owned by postfix:
> /opt/pkgsrc/var/spool/postfix/active
>     postfix/postfix-script: warning: not owned by postfix:
> /opt/pkgsrc/var/spool/postfix/bounce
>     postfix/postfix-script: warning: not owned by postfix:
> /opt/pkgsrc/var/spool/postfix/corrupt
>     postfix/postfix-script: warning: not owned by postfix:
> /opt/pkgsrc/var/spool/postfix/hold
>     postfix/postfix-script: warning: not owned by postfix:
> /opt/pkgsrc/var/spool/postfix/incoming
>     postfix/postfix-script: warning: not owned by postfix:
> /opt/pkgsrc/var/spool/postfix/saved
>     postfix/postfix-script: warning: not owned by postfix:
> /opt/pkgsrc/var/spool/postfix/trace
>     postfix/postfix-script: warning: not owned by postfix:
> /opt/pkgsrc/var/spool/postfix/maildrop
>     postfix/postfix-script: warning: not owned by group maildrop:
> /opt/pkgsrc/var/spool/postfix/maildrop
>     postfix/postfix-script: starting the Postfix mail system
>
> or in the logs:
>
>     Jan 23 12:54:33 mailhost postfix/master[3218]: daemon started --
> version 3.4.8, configuration /opt/pkgsrc/etc/postfix
>     Jan 23 13:00:36 mailhost postfix/smtpd[3251]: connect from
> mailgw[192.168.11.1]
>     Jan 23 13:00:36 mailhost postfix/cleanup[3254]: warning:
> mail_queue_enter: create file incoming/941023.3254: Permission denied
>     Jan 23 13:00:46 mailhost postfix/cleanup[3254]: warning:
> mail_queue_enter: create file incoming/941219.3254: Permission denied
>     Jan 23 13:00:56 mailhost postfix/cleanup[3254]: warning:
> mail_queue_enter: create file incoming/941434.3254: Permission denied
>     Jan 23 13:01:06 mailhost postfix/cleanup[3254]: warning:
> mail_queue_enter: create file incoming/941656.3254: Permission denied
>     Jan 23 13:01:16 mailhost postfix/cleanup[3254]: warning:
> mail_queue_enter: create file incoming/941824.3254: Permission denied
>
> Postfix packages from the distribution were originally installed and 
> later
> removed again, so the original postfix-UID was retained.
>
> My manual workaround so far has been:
>
>     chown postfix:root
> ${PREFIX}/var/spool/postfix/{active,bounce,corrupt,defer,deferred,flush,hold,incoming,private,saved,trace}
>     chown postfix:maildrop 
> ${PREFIX}/var/spool/postfix/{maildrop,public}
>     chmod  700
> ${PREFIX}/var/spool/postfix/{active,bounce,corrupt,defer,deferred,flush,hold,incoming,private,saved,trace}
>     chmod 1730 ${PREFIX}/var/spool/postfix/maildrop
>     chmod 2710 ${PREFIX}/var/spool/postfix/public
>
> Now looking for a way to include this in the package itself. I
> tried adding
>     SPECIAL_PERMS+=...
> to the Makefile, but it gets ignored because directories fail the "test 
> -f"
> before the actual chmod/chown.
>
> Now I would like to ask for better ideas :-)
>
> Regards
> Matthias Ferdinand

Hi,

Shouldn't the var/spool/postfix/incoming directory be created by postfix 
when it is first started? In this case, maybe a patch would be needed to 
fix right user/group in the postfix sources.

Regards,
Fred