On Tue, Nov 30, 2010 at 07:39:39PM -0600, Dan wrote:

> virtual_gid_maps = mysql:$config_directory/mysql_gids.cf
> virtual_minimum_uid = 2002
> virtual_uid_maps = mysql:$config_directory/mysql_uids.cf
>
> Mysql relevant table entries:
>
> email            domain      maildir
> te...@test.com   test2.com   test2.com/test2/Maildir/
>
> uid    gid
> 2003   2001

And in /etc/group, what is group 2001?

> Now lets chmod 777 /website/vuser so that it can create directories under
> UID/GID=2003/2001 as it wants but in fact see that gid never is 2001.
> Gid 2001 under my system is vuser:
> sunsaturn:~# grep 2001 /etc/group
> vuser:*:2001:

Prove this by posting the output of:

    # tmp=$(mktemp /tmp/test.XXXXXX)
    # chown 2003:2001 "$tmp"
    # ls -l "$tmp"
    # rm "$tmp"

> sunsaturn:~# chmod 777 /website/vuser; cd /website/vuser

Never use world-writable directories in this context.

> Nov 30 19:28:03 sunsaturn postfix/virtual[23237]: DC276119C60:
> to=<te...@test2.com>, relay=virtual, delay=0.01, delays=0.01/0/0/0,
> dsn=2.0.0, status=sent (delivered to maildir)
> Nov 30 19:29:03 sunsaturn postfix/virtual[23237]: 3EA8C119C56:
> to=<te...@test2.com>, relay=virtual, delay=372, delays=372/0/0/0,
> dsn=2.0.0, status=sent (delivered to maildir)

> -rw------- 1 2003 postfix 347 Nov 30 19:28
> test2.com/test2/Maildir/new/1291166883.V59Ib97008M906598.sunsaturn.com
> -rw------- 1 2003 postfix 347 Nov 30 19:29
> test2.com/test2/Maildir/new/1291166943.V59Ib97001M911353.sunsaturn.com

Well Postfix asks the operating system nicely by setting its effective
uid and gid. If the operating system does not cooperate, you need
to find out why.

src/virtual/mailbox.c:deliver_mailbox():

    /* Look up the mailbox owner rights. Defer in case of trouble. */
    uid_res = mail_addr_find(virtual_uid_maps, state.msg_attr.user,
                             IGNORE_EXTENSION);
    if (uid_res == 0) {
        /* error handling */
    }
    if ((n = atol(uid_res)) < var_virt_minimum_uid) {
        /* error handling */
    }
    usr_attr.uid = (uid_t) n;

    /* Look up the mailbox group rights. Defer in case of trouble. */
    gid_res = mail_addr_find(virtual_gid_maps, state.msg_attr.user,
                             IGNORE_EXTENSION);
    if (gid_res == 0) {
        /* error handling */
    }
    if ((n = atol(gid_res)) <= 0) {
        /* error handling */
    }
    usr_attr.gid = (gid_t) n;

    if (msg_verbose)
        msg_info("%s[%d]: set user_attr: %s, uid = %u, gid = %u",
                 myname, state.level, usr_attr.mailbox,
                 (unsigned) usr_attr.uid, (unsigned) usr_attr.gid);

You can configure "virtual -v" in master.cf to see the uid/gid logged.

    /* Deliver to mailbox or to maildir. */
    #define LAST_CHAR(s) (s[strlen(s) - 1])

    if (LAST_CHAR(usr_attr.mailbox) == '/')
        *statusp = deliver_maildir(state, usr_attr);
    else
        *statusp = deliver_mailbox_file(state, usr_attr);

src/virtual/mailbox.c:deliver_maildir():

    set_eugid(usr_attr.uid, usr_attr.gid);
    /* Creates files, writes data, ... */
    set_eugid(var_owner_uid, var_owner_gid);

-- 
Viktor.
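
Added example, not part of the original message or of Postfix: a shell diagnostic for the group mismatch discussed above. Some systems give a new file the group of its parent directory (BSD semantics, or a setgid directory) rather than the creator's effective gid; the hypothetical helpers gid_of, classify_group_source and probe_dir report which of the two a given directory applies.

```shell
#!/bin/sh
# Added diagnostic, not from the thread or from Postfix.
# Reports where a newly created file's group comes from in a directory:
# the creating process's effective gid, or the parent directory's gid.

# Numeric gid of a path, read from POSIX "ls -n" (same on BSD and GNU).
gid_of() {
    ls -ldn "$1" | awk '{print $4}'
}

# classify_group_source FILE_GID PROCESS_EGID DIR_GID
# Pure comparison, so it can be checked with constructed values.
classify_group_source() {
    if [ "$1" = "$2" ] && [ "$1" = "$3" ]; then
        echo "ambiguous"       # egid and directory gid are identical
    elif [ "$1" = "$2" ]; then
        echo "process-egid"    # group taken from the creating process
    elif [ "$1" = "$3" ]; then
        echo "directory-gid"   # group inherited from the parent directory
    else
        echo "other"
    fi
}

# probe_dir DIR
# Creates and removes a scratch file in DIR with the caller's credentials,
# then prints "<source> file=<gid> egid=<gid> dir=<gid>".
probe_dir() {
    probe=$(mktemp "$1/gidprobe.XXXXXX") || return 1
    fgid=$(gid_of "$probe")
    rm -f "$probe"
    egid=$(id -g)
    dgid=$(gid_of "$1")
    src=$(classify_group_source "$fgid" "$egid" "$dgid")
    echo "$src file=$fgid egid=$egid dir=$dgid"
}

# Usage, run by a user whose gid differs from the directory's group
# (path assembled from the listing in the thread):
#   probe_dir /website/vuser/test2.com/test2/Maildir/new
```

A result of "directory-gid" means files created in that directory carry the directory's group regardless of the effective gid requested by the creating process.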