Am 21.12.2014 um 22:56 schrieb Wietse Venema:
li...@rhsoft.net:
i try to execute postmap like below from a PHP script running on a
webserver via passthru() - the temp-file exists and works out from a
root shell, but called from the webserver no return or error
the idea behind is
* load live ptr-rules via webservice
* store them in a temp file
* fire the input against postmap to check matches (FP/FN)
/usr/sbin/postmap -v -q 'static-164-148-4-96.hardin.tn.ena.net'
regexp:/tmp/ptr-filter-temp.cf
any idea where postmap needs access and probably not have on the
restricted webserver and why even with -v no output at all happens?
Good, your PHP engine does not run as root.
and much much more restricted which was the problem :-)
the setup has disabled acess of any filesystemöparts which are not
needed for the services to provide
in fact "InaccessibleDirectories=/usr/lib64/mysql" which is not needed
in context of php-mysqlnd but in case of postmap the mysql-client libs
are linked - i was in front of a long "InaccessibleDirectories" list and
hoped while comment out trial-and-error to get a hint...
To find out what fails, use
strace -o file.$$ /usr/sbin/postmap...
or
strace /usr/sbin/postmap...
not possible that easy in the context, but solved anyways
BTW, regexps in Postfix tables must come from a trusted source
just because of interest: what means "trusted source" here?
it works now just fine from /tmp in context of "PrivateTmp=yes" for the
web-instance
