On 10/17/2012 3:53 AM, /dev/rob0 wrote: > On Tue, Oct 16, 2012 at 09:33:38PM -0500, Stan Hoeppner wrote: >> On 10/16/2012 9:17 PM, Neil Aggarwal wrote:
>>> Here is my alias in /etc/aliases: >>> # Forward mdcm messages to mail handler >>> mdcm: |"/root/webapps/cbsweb/WEB-INF/bin/mdcm/mailHandler" >> >> You're running the script as root. > > No, it won't run as root. Assuming /etc/aliases is owned by root, > this command is run by $default_privs user (default: "nobody".) I assume he was running it as root from his CLI shell. Which is why I believe he saw different behavior between shell and Postfix. >> Run the script in the context of the Postfix user, assigning >> necessary permissions to the script and all related files. > > Oh, my, no! The $mail_owner user (default: "postfix") should never be > used for this; not for *anything* other than internal processes of > the Postfix MTA itself. But as I said, you were on the right track. > If "nobody" can access the script and files it needs, it might work. You misunderstood Rob. Maybe I didn't use a sufficient level of verbosity. I didn't say "run the script AS the 'postfix' user". Note the subtle differences, specifically "Postfix" vs "postfix" (UNIX user names are case insensitive), and "in the context of" vs "as". Ergo, he needs to create a user dedicated to use by "Postfix", i.e. his new "Postfix user", and assign "necessary permissions to the script and all related files". -- Stan
