On 19.07.2011 17:02, Lars Täuber wrote:
> Hi Wietse,
> 
> the unix socket can't be used by other users than root or postfix.
> Is there a way to configure ownership and/or permissions for the socket?
> 
> I thought under Linux the filesystem permissions reflect the permissions to
> the unix socket.
> 
> Here is my config and the socket:
> master.cf:
> backdoor  unix  n       -       n       -       3       smtpd
> 
> # ls -l /var/spool/postfix/public/backdoor
> srw-rw-rw- 1 postfix postdrop 0 2011-07-19 14:15 /var/spool/postfix/public/backdoor
> # sudo -u dspam /usr/bin/socat - UNIX-CONNECT:/var/spool/postfix/public/backdoor
> 2011/07/19 16:53:44 socat[23143] E connect(3, AF=1 "/var/spool/postfix/public/backdoor", 36): Permission denied
> 
> Am I doing something wrong?

Don't forget about the directory permissions. The dspam user needs
execute permission for all containing directories, i.e.
/var/spool/postfix/public, /var/spool/postfix, /var/spool, /var, and /.

I suppose your dspam system user probably doesn't have access to the
/var/spool/postfix/public directory (1), which you should check.

If that's indeed the situation, review the security implications; you
can either use ACLs to grant the dspam user execute permission to fix
that up (if supported and enabled on your /var filesystem), or you can
consider making dspam a member of the postdrop group.


(1) mine looks like this on Postfix 2.8:

drwx--s--- 2 postfix postdrop 4096 2011-07-19 00:44 /var/spool/postfix/public
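
The check described in the reply above, as an added example that is not part of the original message: it walks every directory from `/` down to the socket, applies the classic owner/group/other mode check for a given uid and group set, and then checks write permission on the socket itself, which Linux requires for `connect()`. The function names and the `start` parameter are assumptions of this example; POSIX ACLs, capabilities other than root, and LSMs such as SELinux or AppArmor are not modelled.

```python
import os
import stat
import sys

def _allowed(st, uid, gids, bit):
    """Classic Unix mode check: exactly one class (owner, group, other) applies."""
    if uid == 0:
        return True  # root bypasses these mode bits
    if uid == st.st_uid:
        shift = 6    # owner class, even if group/other would grant more
    elif st.st_gid in gids:
        shift = 3    # group class
    else:
        shift = 0    # other class
    return bool((st.st_mode >> shift) & bit)

def first_denial(sock_path, uid, gids, start="/"):
    """Return (path, reason) for the first component blocking connect(), else None.

    `start` (hypothetical helper parameter) is the directory where the walk begins.
    """
    sock_path = os.path.abspath(sock_path)
    current = os.path.abspath(start)
    rel = os.path.relpath(os.path.dirname(sock_path), current)
    dirs = [current]
    for part in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part)
        dirs.append(current)
    for d in dirs:
        if not _allowed(os.stat(d), uid, gids, 1):   # 1 = search (x) bit
            return (d, "no search (x) permission on directory")
    st = os.stat(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        return (sock_path, "not a socket")
    if not _allowed(st, uid, gids, 2):               # 2 = write (w) bit
        return (sock_path, "no write (w) permission on socket")
    return None

if __name__ == "__main__":
    # Path from the thread by default; checks the invoking user's own uid and groups.
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/spool/postfix/public/backdoor"
    try:
        print(first_denial(path, os.geteuid(), set(os.getgroups()) | {os.getegid()}))
    except OSError as exc:
        print(f"cannot stat a path component: {exc}")
```

Run as the user in question, it prints `None` when nothing in the mode bits blocks the connection, otherwise the first blocking path and the reason.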
