John A @ KLaM:
> Recently there was a discussion about file permissions and ownership.
> My postfix setup is as far as I know fairly conventional Debian stretch.
Run "postfix set-permissions", then "postfix check", and fix any
permission problems that it reports.
If any of those commands abort, file a bug with the maintainer.
> Would I be better with directories as 750
> and files as 640.
That may break mail submission with /usr/sbin/sendmail, depending
on how things are configured.
> Ownership = postfix in all cases.
NO, THAT WOULD BE A TERRIBLE MISTAKE. Many Postfix programs run
with root privileges (most of them temporarily, some permanently)
and therefore, their configuration files/directories MUST NOT be
writable by non-root processes. That includes /var/spool/postfix.
Wietse
