Re: Mail system is down

Sun, 02 Jan 2022 15:37:34 -0800 

Ken Wright:
> On Sun, 2022-01-02 at 17:30 -0500, Wietse Venema wrote:
> > Ken Wright:
> > > On Sun, 2022-01-02 at 16:01 -0500, Wietse Venema wrote:
> > > > Does it also fail when run as root? In that case,
> > > > 
> > > > ??? # strace -e connect postqueue -p |&grep showq
> > > > 
> > > > Otherwise, some temporary hack is needed.
> > > > 
> > > > As root, disdable file permissions:
> > > > 
> > > > # chmod 777 /var/spool/postfix/public
> > > > # chmod g-s /usr/sbin/postqueue
> > > > 
> > > > As non-root,list the queue:
> > > > 
> > > > $ strace -e connect postqueue -p 
> > > 
> > > Here's the output:
> > 
> > So this is working 'normally'.
> > 
> > Now do the other experiment that temporarily chnages opermissions.
> 
> connect(3, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = 0
> connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) =
> -1 ENOENT (No such file or directory)
> connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) =
> -1 ENOENT (No such file or directory)
> connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) =
> -1 ENOENT (No such file or directory)
> connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) =
> -1 ENOENT (No such file or directory)
> connect(4, {sa_family=AF_UNIX, sun_path="public/showq"}, 110) = -1
> EACCES (Permission denied)
> postqueue: fatal: Connect to the Postfix showq service: Permission
> denied
> +++ exited with 69 +++
> 
> Does this make any sense?

Here is what happens on m system.

As root:

# chmod g-s /usr/sbin/postdrop
# ls -l /usr/sbin/postdrop
-rwxr-xr-x 1 root postdrop 44472 Dec 23 18:08 /usr/sbin/postdrop
# chmod 777 /var/spool/postfix/public 
# ls -ld /var/spool/postfix/public /var/spool/postfix/public/showq
drwxrwxrwx. 2 postfix postdrop 4096 Jan  2 15:55 /var/spool/postfix/public
srw-rw-rw-  1 postfix postfix     0 Jan  2 15:55 /var/spool/postfix/public/showq
# su wietse

As non-root:

wzv$ strace -e connect postqueue -p |& grep showq
connect(4, {sa_family=AF_UNIX, sun_path="public/showq"}, 110) = 0
wzv$ exit

Back as root:

# chmod 710 /var/spool/postfix/public
# ls -ld /var/spool/postfix/public
drwx--x---. 2 postfix postdrop 4096 Jan  2 18:30 /var/spool/postfix/public
# chmod g+s /usr/sbin/postdrop
# ls -l /usr/sbin/postdrop
-rwxr-sr-x 1 root postdrop 44472 Dec 23 18:08 /usr/sbin/postdrop

If THAT postqueue command fails on your system with EACCES and there
is no AppArmor crap or the like, then your system has a nonstandard
permission system and I can't help you.

        Wietse

Reply via email to