Re: alias_maps delivery rights?
On 26/02/16 08:57 AM, Viktor Dukhovni wrote:
> On Fri, Feb 26, 2016 at 08:16:43AM -0800, Jack Bates wrote:
>> Hmmm ... That is what's happening, but why's there no user context?
>> I expected the first case ("the rights of the receiving user on whose
>> behalf the delivery is made") vs. the second ("the absence of a user
>> context").
>
> Entries in /etc/aliases that happen to have the same name as a user in
> /etc/passwd are not presumed to have the privileges of that user account.
> For the latter, you need a ".forward" file belonging to the user.
>
> Local aliases(5) are processed before user accounts are looked up, and
> in many deployments after alias expansion local mail is delivered via
> a "mailbox_transport", and no user accounts are involved at all.

Gotcha. Switching from /etc/aliases to a .forward file is working for me.

In my case it makes no difference that the .forward file is owned by the
user because the user doesn't have shell access to the server. If it were
an issue, I'm sure there's a more complicated way to keep the user from
editing the configuration.

Thanks!
Re: alias_maps delivery rights?
Jack Bates:
> On 25/02/16 08:20 AM, Ralf Hildebrandt wrote:
>> * Ralf Hildebrandt:
>>> * Jack Bates :
>>>> LOCAL(8) DELIVERY RIGHTS says: "Deliveries to external files and
>>>> external commands are made with the rights of the receiving user on
>>>> whose behalf the delivery is made."
>>>>
>>>> So I put "nottheoilrig: /mnt/nottheoilrig/" in /etc/aliases (alias_maps)
>>>> thinking mail for user nottheoilrig would be delivered to
>>>> /mnt/nottheoilrig/ as UID nottheoilrig.
>>>
>>> Who is the owner of /etc/aliases* ?
>>
>> In the absence of a user context, the local(8) daemon uses the owner
>> rights of the :include: file or alias database. When those files are
>> owned by the superuser, delivery is made with the rights specified
>> with the default_privs configuration parameter.
>>
>> That's probably what you're seeing.
>> Make a sep. aliases file, make it owned by nottheoilrig and it should
>> work.
>
> Hmmm ... That is what's happening, but why's there no user context?

When delivering mail to file, the delivery is made on behalf of the user
who controls the decision to deliver to that file, i.e., the owner of the
aliases file. If Postfix used the privileges of the file owner instead,
then anyone who is allowed to write to a (non-root) aliases would be able
to append mail to /etc/passwd.

	Wietse
Re: alias_maps delivery rights?
On Fri, Feb 26, 2016 at 08:16:43AM -0800, Jack Bates wrote:
> Hmmm ... That is what's happening, but why's there no user context?
> I expected the first case ("the rights of the receiving user on whose
> behalf the delivery is made") vs. the second ("the absence of a user
> context").

Entries in /etc/aliases that happen to have the same name as a user in
/etc/passwd are not presumed to have the privileges of that user account.
For the latter, you need a ".forward" file belonging to the user.

Local aliases(5) are processed before user accounts are looked up, and
in many deployments after alias expansion local mail is delivered via
a "mailbox_transport", and no user accounts are involved at all.

-- 
	Viktor.
Re: alias_maps delivery rights?
On 25/02/16 08:20 AM, Ralf Hildebrandt wrote:
> * Ralf Hildebrandt:
>> * Jack Bates :
>>> LOCAL(8) DELIVERY RIGHTS says: "Deliveries to external files and
>>> external commands are made with the rights of the receiving user on
>>> whose behalf the delivery is made."
>>>
>>> So I put "nottheoilrig: /mnt/nottheoilrig/" in /etc/aliases (alias_maps)
>>> thinking mail for user nottheoilrig would be delivered to
>>> /mnt/nottheoilrig/ as UID nottheoilrig.
>>
>> Who is the owner of /etc/aliases* ?
>
> In the absence of a user context, the local(8) daemon uses the owner
> rights of the :include: file or alias database. When those files are
> owned by the superuser, delivery is made with the rights specified
> with the default_privs configuration parameter.
>
> That's probably what you're seeing.
> Make a sep. aliases file, make it owned by nottheoilrig and it should
> work.

Hmmm ... That is what's happening, but why's there no user context?

I expected the first case ("the rights of the receiving user on whose
behalf the delivery is made") vs. the second ("the absence of a user
context").
Re: alias_maps delivery rights?
Ralf Hildebrandt:
> In the absence of a user context, the local(8) daemon uses the owner
> rights of the :include: file or alias database. When those files are
> owned by the superuser, delivery is made with the rights specified
> with the default_privs configuration parameter.
>
> That's probably what you're seeing.
> Make a sep. aliases file, make it owned by nottheoilrig and it should
> work.

You need to set the ownership (once) for the aliases source file AND for
the .db output file. After that, postalias/newaliases will work as
follows: if invoked by root, it drops privileges to the owner of the
aliases source file. If invoked by any other user, it will run as that
user.

	Wietse
Re: alias_maps delivery rights?
* Ralf Hildebrandt:
> * Jack Bates :
>> LOCAL(8) DELIVERY RIGHTS says: "Deliveries to external files and
>> external commands are made with the rights of the receiving user on
>> whose behalf the delivery is made."
>>
>> So I put "nottheoilrig: /mnt/nottheoilrig/" in /etc/aliases (alias_maps)
>> thinking mail for user nottheoilrig would be delivered to
>> /mnt/nottheoilrig/ as UID nottheoilrig.
>
> Who is the owner of /etc/aliases* ?

In the absence of a user context, the local(8) daemon uses the owner
rights of the :include: file or alias database. When those files are
owned by the superuser, delivery is made with the rights specified
with the default_privs configuration parameter.

That's probably what you're seeing.
Make a sep. aliases file, make it owned by nottheoilrig and it should
work.

-- 
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
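An added example, not from this thread and not Postfix code: a small Python auditor that applies the rule Ralf states in this message (file and command deliveries from an alias database run as the database owner, or as default_privs when the owner is root) together with Wietse's point, in his follow-up above, that the source file and the .db output must both belong to the intended user. It parses aliases(5) syntax (comments, comma-separated targets, quoted commands, continuation lines), classifies each target, and reports the identity local(8) would use. The alias text, the `report` alias, its command and `admin@example.com` are constructed for the example; the `nottheoilrig` entry mirrors the one in the question.

```python
"""Audit an aliases(5) file for targets that local(8) delivers to files or
commands, and report the identity those deliveries would run as:
the owner of the alias database, or default_privs if that owner is root.
Added example; the sample alias text below is constructed."""
import os
import pwd

DEFAULT_PRIVS = "nobody"  # Postfix default for the default_privs parameter


def split_targets(s):
    """Split a comma-separated alias target list, honouring double quotes so
    that a quoted command such as "|/bin/cmd a, b" is not split at its comma."""
    targets, buf, quoted = [], [], False
    for ch in s:
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            targets.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    targets.append("".join(buf).strip())
    return [t for t in targets if t]


def parse_aliases(text):
    """Parse aliases(5) source text into {name: [targets]}.
    Handles '#' comments, blank lines and continuation lines
    (a line starting with whitespace extends the previous entry)."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            entries[current].extend(split_targets(raw))
            continue
        name, sep, rest = raw.partition(":")
        if not sep:
            raise ValueError("malformed alias line: %r" % raw)
        current = name.strip().lower()
        entries[current] = split_targets(rest)
    return entries


def classify(target):
    """Kind of delivery an alias target requests, per aliases(5)."""
    if target.startswith("|"):
        return "command"
    if target.startswith(":include:"):
        return "include"
    if target.startswith("/"):
        return "maildir" if target.endswith("/") else "file"
    return "address"


def delivery_identity(owner, default_privs=DEFAULT_PRIVS):
    """Identity local(8) uses for file/command deliveries that originate from
    an alias database: the database owner, or default_privs if that is root."""
    return default_privs if owner == "root" else owner


def audit(text, owner, default_privs=DEFAULT_PRIVS):
    """Return (alias, kind, target, runs_as) for every non-address target."""
    runs_as = delivery_identity(owner, default_privs)
    findings = []
    for name, targets in parse_aliases(text).items():
        for t in targets:
            kind = classify(t)
            if kind != "address":
                findings.append((name, kind, t, runs_as))
    return findings


def audit_file(source_path, default_privs=DEFAULT_PRIVS):
    """Audit a real alias file. local(8) opens the compiled database
    (source_path + ".db"), so its owner decides the delivery identity; the
    source must have the same owner so that postalias, which drops root
    privileges to the source owner, can still rebuild the .db."""
    db_owner = pwd.getpwuid(os.stat(source_path + ".db").st_uid).pw_name
    with open(source_path) as fh:
        return audit(fh.read(), db_owner, default_privs)


# Constructed sample; the nottheoilrig entry mirrors the original question.
SAMPLE_ALIASES = """\
# comment line
postmaster: root
nottheoilrig: /mnt/nottheoilrig/
report: "|/usr/local/bin/report --to=ops, --cc=sec",
    admin@example.com
"""

if __name__ == "__main__":
    for owner in ("root", "nottheoilrig"):
        print("alias database owned by %s:" % owner)
        for alias, kind, target, runs_as in audit(SAMPLE_ALIASES, owner):
            print("  %-14s %-8s %-42s runs as %s" % (alias, kind, target, runs_as))
```

Run it as-is to see the same two entries reported as running as `nobody` when the database is root-owned and as `nottheoilrig` when it is owned by that user; `audit_file("/etc/postfix/aliases-nottheoilrig")` (a hypothetical path) does the same against a real file by reading the .db's owner.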
Re: alias_maps delivery rights?
* Jack Bates:
> LOCAL(8) DELIVERY RIGHTS says: "Deliveries to external files and
> external commands are made with the rights of the receiving user on
> whose behalf the delivery is made."
>
> So I put "nottheoilrig: /mnt/nottheoilrig/" in /etc/aliases (alias_maps)
> thinking mail for user nottheoilrig would be delivered to
> /mnt/nottheoilrig/ as UID nottheoilrig.

Who is the owner of /etc/aliases* ?

-- 
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
alias_maps delivery rights?
LOCAL(8) DELIVERY RIGHTS says: "Deliveries to external files and
external commands are made with the rights of the receiving user on
whose behalf the delivery is made."

So I put "nottheoilrig: /mnt/nottheoilrig/" in /etc/aliases (alias_maps)
thinking mail for user nottheoilrig would be delivered to
/mnt/nottheoilrig/ as UID nottheoilrig.

In fact it's being delivered to /mnt/nottheoilrig/ as UID nobody (65534):

> warning: maildir access problem for UID/GID=65534/65534: create
> maildir file /mnt/nottheoilrig/tmp/1456342242.P27921.ip-10-0-0-214:
> Permission denied

What am I missing? Thanks!