Hi Viktor

On Wed, Oct 28, 2020 at 01:00:35PM -0400, Viktor Dukhovni wrote:
> On Wed, Oct 28, 2020 at 09:01:38AM -0700, PGNet Dev wrote:
> >     Oct 28 15:02:40 svr019 postfix/postdrop[64624]: warning: mail_queue_enter: create file maildrop/553726.64624: Permission denied
> >     Oct 28 15:02:45 svr019 postfix/postdrop[32688]: warning: mail_queue_enter: create file maildrop/766615.32688: Permission denied
> Barring interference from SELinux or AppArmor, ... this should not
> happen unless file permissions change.

Maybe this was true ten years ago, but it is no longer.  The OP even
mentioned something called "no new privileges", which is described only
one tiny internet search away at
https://www.kernel.org/doc/html/latest/userspace-api/no_new_privs.html.

And yes, this flag is exactly what can cause this: it disables
suid/sgid, so the maildrop process runs without it and of course can't
write into the maildrop directory.

>                                         Correct file permissions are set
> via "postfix set-permissions" (at package install time) and should not
> change thereafter.

The OP even showed that the permissions are correct, but you did not
cite it.

> Of course if SELinux et al. decide to intervene, then you have to
> fix the relevant settings.

It seems that you have to learn a lot about the security controls that
a modern Linux provides.

Regards,
Bastian

-- 
I object to intellect without discipline;  I object to power without
constructive purpose.
                -- Spock, "The Squire of Gothos", stardate 2124.5
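
A diagnostic for the situation described in this message, as an added example that is not part of the original post or of Postfix: it reads the `NoNewPrivs` field of `/proc/<pid>/status` and the set-id bits of a binary, and reports whether exec can still gain the file's group. The `/usr/sbin/postdrop` default path, the file mode 02755 and the sample status texts are assumptions constructed for illustration.

```python
import os
import stat
import sys

def parse_no_new_privs(status_text):
    """Return True/False from the NoNewPrivs line of /proc/<pid>/status, None if absent."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "NoNewPrivs":
            return value.strip() == "1"
    return None  # kernels older than 4.10 do not expose this field

def diagnose(status_text, st_mode):
    """Say whether exec of a file with st_mode can gain its set-id privileges."""
    bits = (("setuid", stat.S_ISUID), ("setgid", stat.S_ISGID))
    setid = [name for name, bit in bits if st_mode & bit]
    if not setid:
        return "no-setid-bit"        # nothing to gain; look at ownership/modes instead
    nnp = parse_no_new_privs(status_text)
    if nnp is None:
        return "unknown"
    # With no_new_privs set, execve() ignores set-id bits, so a setgid helper
    # keeps the caller's groups and cannot write to a group-writable queue dir.
    return ("ignored:" if nnp else "honored:") + "+".join(setid)

# Constructed /proc/<pid>/status excerpts (not taken from the thread).
SAMPLE_RESTRICTED = "Name:\tsendmail\nGid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t1\nSeccomp:\t0\n"
SAMPLE_NORMAL = SAMPLE_RESTRICTED.replace("NoNewPrivs:\t1", "NoNewPrivs:\t0")
POSTDROP_MODE = 0o102755  # constructed: regular file, setgid, rwxr-xr-x

if __name__ == "__main__":
    # Assumed default path; pass the real location of postdrop as argv[1].
    path = sys.argv[1] if len(sys.argv) > 1 else "/usr/sbin/postdrop"
    with open("/proc/self/status") as fh:
        print(path, diagnose(fh.read(), os.stat(path).st_mode))
```

Run it from inside the same service or session that submits the mail: `no_new_privs` is inherited by child processes, so a check from an unrestricted root shell will report `honored` even when the failing process is restricted.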
