Victor Duchovni:
> On Tue, Mar 17, 2009 at 11:37:39AM -0600, LuKreme wrote:
>
> > On 17-Mar-2009, at 03:49, LuKreme wrote:
> >> I've made sure that /var/run/saslauthd/ is owned by root:postfix (it was
> >> root:mail) and have removed the authdaemon_path line and am trying again.
> >> Hopefully this was it.
> >
> > That wasn't it, and the ownership by root:mail shouldn't matter as the
> > postfix user is part of the mail group. I think I've read everything twice,
> > and am stumped.
>
> Postfix processes don't make use of secondary groups. The primary group
> of $mail_owner (typically "postfix") needs to be permissioned for all
> resources with group-based access control.
Yes and no. Postfix will use initgroups() when permanently changing
privileges (smtpd(8), qmgr(8), etc.), but not when changing privileges
temporarily (master(8), pipe(8), local(8), spawn(8)) or when forking
off an external command. It's easy to make errors here.
Wietse
