[pfx] Re: No Permissions To TLS Certificates
On 2023-10-12 at 08:26:40 UTC-0400 (Thu, 12 Oct 2023 23:26:40 +1100) Matthew J Black via Postfix-users is rumored to have said: On 12/10/2023 23:19, Wietse Venema via Postfix-users wrote: If the 'find' command cannot enumerate mode 755 directories, then this is no longer a problem that receives Postfix support. Turning off SeLinux is easy. Wietse Thanks for getting back to me. Yes, turning off SELinux is easy - however, as it is only a thought that that may be the cause (I'll test it tomorrow when I get to work), is there any doco/thoughts/etc on Postfix interacting with SELinux? I mean, surely, people have been running Postfix on RHEL before, right? These helpfully informative and demonstrative files exist on a CentOS 8Stream machine, so should be available on a RHEL 8 box if the relevant packages are installed: /usr/share/doc/selinux-policy/html/contrib_postfix.html /usr/share/doc/selinux-policy/html/contrib_postfixpolicyd.html /usr/share/man/man8/postfix_bounce_selinux.8.gz /usr/share/man/man8/postfix_cleanup_selinux.8.gz /usr/share/man/man8/postfix_local_selinux.8.gz /usr/share/man/man8/postfix_map_selinux.8.gz /usr/share/man/man8/postfix_master_selinux.8.gz /usr/share/man/man8/postfix_pickup_selinux.8.gz /usr/share/man/man8/postfix_pipe_selinux.8.gz /usr/share/man/man8/postfix_postdrop_selinux.8.gz /usr/share/man/man8/postfix_postqueue_selinux.8.gz /usr/share/man/man8/postfix_qmgr_selinux.8.gz /usr/share/man/man8/postfix_showq_selinux.8.gz /usr/share/man/man8/postfix_smtp_selinux.8.gz /usr/share/man/man8/postfix_smtpd_selinux.8.gz /usr/share/man/man8/postfix_virtual_selinux.8.gz /usr/share/selinux/targeted/default/active/modules/100/postfix /usr/share/selinux/targeted/default/active/modules/100/postfix/cil /usr/share/selinux/targeted/default/active/modules/100/postfix/lang_ext As I said, I'll experiment tomorrow, and (apart from waiting for any further SELinux/Postfix feedback) get back with the results that I generate. -- This email has been checked for viruses by Avast antivirus software. www.avast.com I see exactly that claim in a lot of malware spam... -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: No Permissions To TLS Certificates
Matthew J Black via Postfix-users: > On 12/10/2023 23:19, Wietse Venema via Postfix-users wrote: > > If the 'find' command cannot enumerate mode 755 directories, then > > this is no longer a problem that receives Postfix support. > > > > Turning off SeLinux is easy. > > Thanks for getting back to me. > > Yes, turning off SELinux is easy - however, as it is only a thought that > that may be the cause (I'll test it tomorrow when I get to work), is > there any doco/thoughts/etc on Postfix interacting with SELinux? Packet filters, SeLinux, AppArmor, eBPF, sandboxes, etc., are not part of Postfix. Generally, for questions about how to integrate with a specific OS distribtion, I must refer you to the documentation for your OS distribution. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: No Permissions To TLS Certificates
On 12/10/2023 23:19, Wietse Venema via Postfix-users wrote: If the 'find' command cannot enumerate mode 755 directories, then this is no longer a problem that receives Postfix support. Turning off SeLinux is easy. Wietse Thanks for getting back to me. Yes, turning off SELinux is easy - however, as it is only a thought that that may be the cause (I'll test it tomorrow when I get to work), is there any doco/thoughts/etc on Postfix interacting with SELinux? I mean, surely, people have been running Postfix on RHEL before, right? As I said, I'll experiment tomorrow, and (apart from waiting for any further SELinux/Postfix feedback) get back with the results that I generate. -- This email has been checked for viruses by Avast antivirus software. www.avast.com___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: No Permissions To TLS Certificates
duluxoz via Postfix-users: > (Sorry, can't remember if I should be top-posting or bottom-posting :-)? ) > > The answer for both queries: > > * The root folder is 555 root:root > * All other folders are 755 root:root > * The certs themselves are 600 root:root (I think I mentioned this one > in my original post - I think) > > Having raised this issue, it now raises another Q in my mind: could this > be something to do with SELinux interfering somehow (I'm not really up > to speed on SELinux, unfortunately)? If the 'find' command cannot enumerate mode 755 directories, then this is no longer a problem that receives Postfix support. Turning off SeLinux is easy. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: No Permissions To TLS Certificates
(Sorry, can't remember if I should be top-posting or bottom-posting :-) ) The answer for both queries: * The root folder is 555 root:root * All other folders are 755 root:root * The certs themselves are 600 root:root (I think I mentioned this one in my original post - I think) Having raised this issue, it now raises another Q in my mind: could this be something to do with SELinux interfering somehow (I'm not really up to speed on SELinux, unfortunately)? Cheers On 12/10/2023 01:40, Wietse Venema via Postfix-users wrote: duluxoz via Postfix-users: Oct 11 17:33:05 mail.me.local email_postfix[2038]: find: '/etc/postfix/./certs/me.local.pem': Permission denied Oct 11 17:33:05 mail.me.local email_postfix[2039]: postfix/postlog: warning: not owned by root: /etc/postfix/./certs/me.local.pem What is the output from: ls -ld / /etc /etc/postfix /etc/postfix/certs /etc/postfix/certs/me.local.pem Oct 11 17:33:05 mail.me.local email_postfix[2038]: find: '/etc/postfix/./certs/me2.local.pem': Permission denied Oct 11 17:33:05 mail.me.local email_postfix[2040]: postfix/postlog: warning: not owned by root: /etc/postfix/./certs/me2.local.pem What is the output from: ls -ld / /etc/postfix /etc/postfix/certs /etc/postfix/certs/me2.local.pem Wietse ___ Postfix-users mailing list --postfix-users@postfix.org To unsubscribe send an email topostfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: No Permissions To TLS Certificates
duluxoz via Postfix-users: > Oct 11 17:33:05 mail.me.local email_postfix[2038]: find: > '/etc/postfix/./certs/me.local.pem': Permission denied > Oct 11 17:33:05 mail.me.local email_postfix[2039]: postfix/postlog: > warning: not owned by root: /etc/postfix/./certs/me.local.pem What is the output from: ls -ld / /etc /etc/postfix /etc/postfix/certs /etc/postfix/certs/me.local.pem > Oct 11 17:33:05 mail.me.local email_postfix[2038]: find: > '/etc/postfix/./certs/me2.local.pem': Permission denied > Oct 11 17:33:05 mail.me.local email_postfix[2040]: postfix/postlog: > warning: not owned by root: /etc/postfix/./certs/me2.local.pem What is the output from: ls -ld / /etc/postfix /etc/postfix/certs /etc/postfix/certs/me2.local.pem Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
