Rolf E. Sonneveld:
[ Charset ISO-8859-1 unsupported, converting... ]
> Hi,
>
> running Postfix 2.4.5
>
> According to http://www.postfix.org/pipe.8.html it is possible to define
> a 'user:group' in a pipe entry in master.cf:
>
> > *user*=/username/:/groupname/
> > Execute the external command with the rights of the
> > specified /username/. The software refuses to exe-
This text could be more precise: Postfix executes the external
command with the user ID and group ID of /username/.
> > cute commands with root privileges, or with the
> > privileges of the mail system owner. If /groupname/
> > is specified, the corresponding group ID is used
> > instead of the group ID of /username/.
Note, it says "the group ID of username" meaning it uses only one.
Wietse
>
> Let's assume we have:
>
> user: appuser
> primary group: appgroup1
> other groups where appuser is listed in /etc/group: appgroup7 and appgroup8
>
> It seems that if we use appuser as username in the pipe entry in
> master.cf, without defining a group, the script is executed as appuser
> with the primary group: appgroup1. As expected, if we define for example
> appuser:appgroup8, the script is executed as user appuser with group
> appgroup8.
>
> My question: is it possible to have the script executed by the user,
> where the user has all groups 'active' (appgroup1, appgroup7 and
> appgroup8). It seems the 'groupname' in the pipe entry in master.cf does
> not allow for a list of groups?
>
> Or is it intentional that only one group can be selected (maybe for
> security reasons)?
>
> /rolf
>
>
>
>
