On Thu, Jun 17, 2021 at 06:43:11PM +1000, Simon Wilson wrote:
> >>>Just don't assume /tmp or /var/tmp are the same between services.
> >>>
> >>>Postfix on RHEL 8 is configured with private /tmp. To be exact:
> >>>| PrivateTmp=true
> >>>| CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
> >>>| ProtectSystem=true
> >>>| PrivateDevices=true
> >>>
> >>>Bastian
> >>
> >>
> >>----- End message from Bastian Blank <bastian+postfix-users=postfix....@waldi.eu.org> -----
> >>
> >>Yup.
> >>
> >>Using a directory other than /tmp works fine on RHEL8:
> >>
> >>[root@emp87 ~]# chmod 1777 /home/simon
> >>[root@emp87 ~]# echo "somealias: /home/simon/somefile" >> /etc/aliases && newaliases
> >>[root@emp87 ~]# echo "test" | mail somealias@localhost
> >>[root@emp87 simon]# cat /home/simon/somefile
> >>{content as expected}
> >
> >Thanks guys. You are right -- this does work.
> >
> >My previous example worked for a long time. Not sure why it suddenly became
> >broken but I will try to dig into that some more.
> >
>
> It broke because as Bastian pointed out in CentOS 8 the Postfix
> service definition (postfix.service) changed with the addition of
> PrivateTmp=true. CentOS 7 did not have that so used the "standard"
> /tmp. Your process WAS WORKING - just not writing to the /tmp you
> were looking at, but to the postfix service's private /tmp.

Pardon me, what I meant was that this used to work with CentOS 8.

> You *could* return it to the way it worked before by changing the
> service definition file and removing privatetmp - assuming you were
> comfortable with opening up postfix /tmp to be normal system /tmp -
> others far smarter than I with Postfix would be better placed to
> comment on any risks so introduced.
>
> Simon.
>
> --
> Simon Wilson
> M: 0400 12 11 16
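The failure mode discussed in this thread can be checked for without turning PrivateTmp off. The following is an added example, not part of the original messages or of Postfix: it reads a unit definition and an aliases file and lists the file destinations that would land in the service's private /tmp or /var/tmp. The function names and sample inputs are constructed for illustration; only boolean PrivateTmp= values and unquoted commas are handled.

```python
import re
from pathlib import PurePosixPath

# Constructed sample inputs (not taken from a real host).
UNIT_TEXT = "[Service]\nPrivateTmp=true\nProtectSystem=true\n"
ALIASES_TEXT = """\
postmaster: root
somealias: /home/simon/somefile
debugcopy: /tmp/maildump, root
archive: "/var/tmp/archive box"
"""
PRIVATE_DIRS = (PurePosixPath("/tmp"), PurePosixPath("/var/tmp"))

def private_tmp_enabled(unit_text):
    """Return the effective PrivateTmp= value; the last assignment wins."""
    value = False
    for line in unit_text.splitlines():
        m = re.match(r"\s*PrivateTmp\s*=\s*(\S*)", line)
        if m:
            value = m.group(1).lower() in ("true", "yes", "on", "1")
    return value

def file_targets(aliases_text):
    """Yield (alias, path) for each /file/name destination, per aliases(5)."""
    logical = []
    for line in aliases_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank line or comment
        if line[0].isspace() and logical:     # continuation of previous entry
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    for entry in logical:
        name, _, rhs = entry.partition(":")
        for dest in rhs.split(","):
            dest = dest.strip().strip('"')
            if dest.startswith("/"):          # file delivery, not user or pipe
                yield name.strip(), PurePosixPath(dest)

def hidden_deliveries(unit_text, aliases_text):
    """List alias file destinations that land in the service's private tmp."""
    if not private_tmp_enabled(unit_text):
        return []
    return [(a, str(p)) for a, p in file_targets(aliases_text)
            if any(d == p or d in p.parents for d in PRIVATE_DIRS)]

if __name__ == "__main__":
    print(hidden_deliveries(UNIT_TEXT, ALIASES_TEXT))
```

On a live host the unit text would come from the installed postfix.service plus any drop-ins, concatenated in the order systemd applies them.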