On Wed, Aug 28, 2024 at 04:29:02PM +0000, Laura Smith via Postfix-users wrote:
> In its default configuration, Postfix
> makes /var/spool/postfix/public/qmgr world accessible whilst the
> parent directory /var/spool/postfix/public is not.
>
> This means that metric gathering is not able to connect to
> /var/spool/postfix/public/qmgr.
What is this "metric gathering" you speak of?
> I'm guessing the wrong answer is to make the metric gatherer part of
> the post[d]rop group (which is the group owner of the parent directory).
As Wietse noted, if this relies on internal interfaces (which? Or have
you patched the queue manager to support new site-specific behaviour?),
you're on your own.
In any case, hard to say, but if you're willing to bear the (not
necessarily onerous) cost of operating a fork, then running as a user
that can access the "public" queue sub-directory sounds like a
reasonable choice, less risky then a new setgid command if the
interface is not intended for the general user (i.e. not the
postqueue(1) use-case).
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
