Hi,
running Postfix 2.4.5
According to http://www.postfix.org/pipe.8.html it is possible to define
a 'user:group' in a pipe entry in master.cf:
*user*=/username/:/groupname/
Execute the external command with the rights of the
specified /username/. The software refuses to exe-
cute commands with root privileges, or with the
privileges of the mail system owner. If /groupname/
is specified, the corresponding group ID is used
instead of the group ID of /username/.
Let's assume we have:
user: appuser
primary group: appgroup1
other groups where appuser is listed in /etc/group: appgroup7 and appgroup8
It seems that if we use appuser as username in the pipe entry in
master.cf, without defining a group, the script is executed as appuser
with the primary group: appgroup1. As expected, if we define for example
appuser:appgroup8, the script is executed as user appuser with group
appgroup8.
My question: is it possible to have the script executed by the user,
where the user has all groups 'active' (appgroup1, appgroup7 and
appgroup8). It seems the 'groupname' in the pipe entry in master.cf does
not allow for a list of groups?
Or is it intentional that only one group can be selected (maybe for
security reasons)?
/rolf
