Jack Bates:
> On 25/02/16 08:20 AM, Ralf Hildebrandt wrote:
> > * Ralf Hildebrandt <r...@sys4.de>:
> >> * Jack Bates <vgn...@nottheoilrig.com>:
> >>> LOCAL(8) DELIVERY RIGHTS says: "Deliveries to external files and
> >>> external commands are made with the rights of the receiving user on
> >>> whose behalf the delivery is made."
> >>>
> >>> So I put "nottheoilrig: /mnt/nottheoilrig/" in /etc/aliases (alias_maps)
> >>> thinking mail for user nottheoilrig would be delivered to
> >>> /mnt/nottheoilrig/ as UID nottheoilrig.
> >>
> >> Who is the owner of /etc/aliases* ?
> >
> > In the absence of a user context, the local(8) daemon uses the owner
> > rights of the :include: file or alias database. When those files are
> > owned by the superuser, delivery is made with the rights specified
> > with the default_privs configuration parameter.
> >
> > That's probably what you're seeing.
> > Make a sep. alaias file, make it owned by nottheoilrig and it should
> > work.
>
> Hmmm ... That is what's happening, but why's there no user context?
When delivering mail to file, the delivery is made on behalf of the
user who controls the decision to deliver to that file, i.e., the
owner of the aliases file.
If Postfix used the privileges of the file owner instead, then
anyone who is allowed to write to a (non-root) aliases would be
able to append mail to /etc/passwd.
Wietse
