Hi Matthias, Am Tue, 19 Jul 2011 17:11:57 +0200 Matthias Andree <matthias.and...@gmx.de> schrieb: > Am 19.07.2011 17:02, schrieb Lars Täuber: > > Hi Wietse, > > > > the unix socket can't be used by other users than root or postfix. > > Is there a way to configure ownership and/or permissions for the socket? > > > > I thought under Linux the filesystem permissions reflect the permissions > > to the unix socket. > > > > Here is my config and the socket: > > master.cf: > > backdoor > > unix n - n - 3 smtpd > > > > # ls -l /var/spool/postfix/public/backdoor > > srw-rw-rw- 1 postfix postdrop 0 2011-07-19 > > 14:15 /var/spool/postfix/public/backdoor > > # sudo -u dspam /usr/bin/socat - > > # UNIX-CONNECT:/var/spool/postfix/public/backdoor > > 2011/07/19 16:53:44 socat[23143] E connect(3, AF=1 > > "/var/spool/postfix/public/backdoor", 36): Permission denied > > > > Am I doing something wrong? > > Don't forget about the directory permissions. The dspam user needs > execute permission for all containing directories, i. e. > /var/spool/postfix/public, /var/spool/postfix, /var/spool, /var, and /. > > I supposed your dspam system user probably doesn't have access to the > /var/spool/postfix/public directory (1), which check. > > If that's indeed the situation, review the security implications; you > can either use ACLs to permit the dspam user execute permission fix that > up (if supported and enabled on your /var filesystem), or you can > consider making dspam a member of the postdrop group.
thanks. That's it. I just put dspam in the postdrop group. > > (1) mine looks like this on Postfix 2.8: > > drwx--s--- 2 postfix postdrop 4096 2011-07-19 00:44 > /var/spool/postfix/public Sunny greatings from Berlin Lars
