Raymond Li:
> Hello,
> 
> Currently Postfix doesn't document that the nobody user runs piped
> commands by default. The following patch amends that.

That is the case when the aliases file is owned by root; Postfix
supports aliases and :include: files that are owned by other users
and chooses delivery rights accordingly. There is a more precise
description in the local(8) manpage:

DELIVERY RIGHTS
       Deliveries to external files and external commands are  made  with  the
       rights  of the receiving user on whose behalf the delivery is made.  In
       the absence of a user context,  the  local(8)  daemon  uses  the  owner
       rights  of  the :include: file or alias database.  When those files are
       owned by the superuser, delivery is made with the rights specified with
       the default_privs configuration parameter.

This is why the aliases file defers to the local(8) manpage:

       /file/name
              Mail  is appended to /file/name. See local(8) for details of de-
              livery to file. 

       |command
              Mail  is piped into command. Commands that contain special char-
              acters, such as whitespace, should be  enclosed  between  double
              quotes. See local(8) for details of delivery to command.

I'll replace these rather unspecific pointers with more specific
pointers to "EXTERNAL FILE DELIVERY", "EXTERNAL COMMAND DELIVERY",
and "DELIVERY RIGHTS" in the local(8) documentation. There is a lot
of relevant information that should not be duplicated.

        Wietse
> ---
>  postfix/man/man5/aliases.5 | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/postfix/man/man5/aliases.5 b/postfix/man/man5/aliases.5
> index 628b5d75..c041be11 100644
> --- a/postfix/man/man5/aliases.5
> +++ b/postfix/man/man5/aliases.5
> @@ -85,6 +85,8 @@ mailed back to the sender.  The file 
> \fB/usr/include/sysexits.h\fR
>  defines the expected exit status codes. For example, use
>  \fB"|exit 67"\fR to simulate a "user unknown" error, and
>  \fB"|exit 0"\fR to implement an expensive black hole.
> +.sp
> +Note that the command is run as the user \fBnobody\fR by default.
>  .IP \fB:include:\fI/file/name\fR
>  Mail is sent to the destinations listed in the named file.
>  Lines in \fB:include:\fR files have the same syntax
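Review bot: the new line `+Note that the command is run as the user \fBnobody\fR by default.` states the rights too narrowly. As the DELIVERY RIGHTS section of local(8) quoted above describes, piped commands run with the rights of the receiving user when there is a user context, otherwise with the rights of the owner of the :include: file or alias database, and only when that file is owned by the superuser do the rights come from the default_privs parameter, of which nobody is merely the default value. Suggest replacing the sentence with a pointer such as `See the DELIVERY RIGHTS section in \fBlocal\fR(8) for the rights with which the command is executed.`, or, if a note is kept here, qualifying it as `When the alias database is owned by root, the command runs with the rights specified with the \fBdefault_privs\fR parameter (\fBnobody\fR by default).` so that the .5 page does not contradict local(8).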
> --
> 2.37.1
> 
> ---
> Best,
> Raymond Li
> 