On Mon, Feb 07, 2011 at 09:17:10PM -0800, Quanah Gibson-Mount wrote:

> Unlike previous postfix releases, postconf changes the ownership of the
> "main.cf" file when it is executed. This breaks things that specifically
> set the ownership on main.cf prior to executing postconf.

The main.cf file needs to belong to root, since its content is trusted
by privileged services. It is a mistake to use a non-root owned main.cf
file.

The code that implements "postconf -e" main.cf updates has not changed
since Postfix 2.6. The main.cf file is given the original permissions,
but no attempt is made to explicitly assign an owner.

Even in the previous 2.4 and 2.5 implementations, postconf still does
not explicitly chown the new main.cf file; it belongs to the effective
user id that runs "postconf -e". I've not looked at previous releases,
but the behaviour is rather unlikely to be different.

Perhaps you are confusing "postconf" with "postmap", which builds indexed
files with the same owner/mode as the corresponding source files.

> I can reproduce this quite easily by touching a file as the user ID I want
> to own it, and then running postconf:
>
> zimbra@mail:~> cd postfix/conf
> zimbra@mail:~/postfix/conf> touch main.cf
> zimbra@mail:~/postfix/conf> ls -l main.cf
> -rw-r----- 1 zimbra zimbra 0 Feb 8 00:14 main.cf

The main.cf file needs to belong to root. It should typically be
world-readable, as otherwise sendmail(1), postdrop(1) and postqueue(1)
won't be able to function when run by a user other than the file owner.

> zimbra@mail:~/postfix/conf> sudo /opt/zimbra/postfix/sbin/postconf -e
> mail_owner=postfix setgid_group=postdrop
> zimbra@mail:~/postfix/conf> ls -l main.cf
> -rw-r--r-- 1 root root 45 Feb 8 00:16 main.cf

The new main.cf file now has correct ownership.

> I would expect postfix to leave the user/group ownership unchanged, as was
> the case in previous releases.

Which specific release did you test that has the behaviour you expected?

-- 
	Viktor.
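
A way to audit the ownership and mode requirements stated in the reply above, as an added example that is not part of the original message and not Postfix code. It assumes GNU `stat`; the function names, the uid 1000 standing in for the zimbra user, and the extra check for group/other write bits (which follows from the file being trusted by privileged services) are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit main.cf against the rules stated in the thread.
#   - owner must be root (uid 0)
#   - file should be world-readable (sendmail/postdrop/postqueue need it)
#   - assumption of this example: no write access for group or other

# check_owner_mode UID OCTAL_MODE
# Prints one finding per problem; returns 0 only if all checks pass.
check_owner_mode() {
    uid=$1
    perm=$(( 0$2 & 0777 ))      # interpret the mode string as octal
    rc=0
    if [ "$uid" -ne 0 ]; then
        echo "owner uid $uid is not root"
        rc=1
    fi
    if [ $(( perm & 0004 )) -eq 0 ]; then
        echo "not world-readable"
        rc=1
    fi
    if [ $(( perm & 0022 )) -ne 0 ]; then
        echo "writable by group or other"
        rc=1
    fi
    return $rc
}

# audit_main_cf PATH
# Reads owner uid and mode with GNU stat and applies the checks above.
# Returns 2 if the file cannot be examined.
audit_main_cf() {
    file=$1
    [ -f "$file" ] || { echo "$file: not a regular file"; return 2; }
    meta=$(stat -c '%u %a' "$file") || return 2
    check_owner_mode "${meta% *}" "${meta#* }"
}

# Constructed inputs mirroring the two "ls -l" listings in the thread:
#   -rw-r----- zimbra zimbra  -> uid 1000 (assumed), mode 640
#   -rw-r--r-- root   root    -> uid 0, mode 644
echo "before postconf -e:"; check_owner_mode 1000 640 || true
echo "after postconf -e:";  check_owner_mode 0 644 && echo "ok"
```

Run `audit_main_cf` against the actual configuration path after any tooling that rewrites main.cf.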