DevHeads.net

Ownership question

Currently running 3.4.5 on Slackware-14.2. After each upgrade I run 'postfix
set-permissions upgrade-configuration' then adjust ownerships as needed.

When I upgraded to 3.4.5 last weekend I found that when /var/spool/postfix
has owner.group of root.postfix the server would not start. Changing the
owner from root to postfix allowed the server to start, but the daily log
file report told me:

not owned by root: /var/spool/postfix/pid
not owned by root: /var/spool/postfix/.

This has not happened before and I want to confirm who owns which
directories and files (with postfix or postdrop as the groups). Here's what
is now working here:

In /var/spool/postfix:

drwx------ 2 postfix postfix 20480 Jun 23 07:57 active/
drwx------ 2 postfix postfix 4096 Jun 23 07:57 bounce/
drwx------ 2 postfix postfix 4096 Jun 23 07:57 corrupt/
drwx------ 18 postfix postfix 4096 Jun 23 07:57 defer/
drwx------ 18 postfix postfix 4096 Jun 23 07:57 deferred/
drwx------ 2 postfix postfix 4096 Jun 23 07:57 flush/
drwx------ 2 postfix postfix 4096 Jun 23 07:57 hold/
drwx------ 2 postfix postfix 16384 Jun 23 07:57 incoming/
drwx-wx--- 2 postfix postdrop 24576 Jun 23 07:57 maildrop/
drwxr-xr-x 2 postfix root 4096 Jun 23 07:57 pid/
drwx------ 2 postfix postfix 4096 Jun 23 07:57 private/
drwx--x--- 2 postfix postdrop 4096 Jun 23 07:57 public/
drwx------ 2 postfix postfix 4096 Jun 23 07:57 saved/
drwx------ 2 postfix postfix 4096 Jun 23 07:57 trace/

Puzzled,

Rich

Comments

Re: Ownership question

By Wietse Venema at 07/04/2019 - 07:35

Rich Shepard:
Don't adjust ownership or permissions of Postfix files/directories.
Let 'postfix set-permissions' do what needs to be done.

Wietse

Re: Ownership question

By Rich Shepard at 07/04/2019 - 09:04

Wietse,

This is the first thing I do. When starting postfix throttles and displays
errors I fix them. This led me to store corrections in a text file and it
was only this last upgrade that was different.

Many thanks for all your efforts on postfix over the years.

Best regards,

Rich

Re: Ownership question

By Wietse Venema at 07/04/2019 - 09:20

Rich Shepard:
So you run 'postfix set-permissions' and then adjust permissions?
That is not right. Postfix permissions and ownerships must never
require manual adjustment.

Wietse

Re: Ownership question

By LuKreme at 07/04/2019 - 05:58

On 3 Jul 2019, at 17:23, Rich Shepard <rshepard@appl-ecosys.com> wrote:
On my FreeBSD system:

# ls -lsd /var/spool/postfix
8 drwxr-xr-x 16 root wheel 512 May 19 13:05 /var/spool/postfix

Slackware issue?

All the directories in /var/spool/postfix are owned by postfix except for pid, which is owned by root.

8 drwxr-xr-x 16 root wheel 512 May 19 13:05 .
8 drwxr-xr-x 12 root wheel 512 May 17 18:46 ..
8 drwx------ 2 postfix wheel 512 Jul 4 03:51 active
8 drwx------ 2 postfix wheel 512 Jul 2 20:30 bounce
8 drwx------ 2 postfix wheel 512 May 19 13:05 corrupt
8 drwx------ 18 postfix wheel 512 Jan 23 2018 defer
8 drwx------ 18 postfix wheel 512 Jan 23 2018 deferred
8 drwx------ 2 postfix wheel 512 May 19 13:05 flush
8 drwx------ 2 postfix wheel 512 May 19 13:05 hold
8 drwx------ 2 postfix wheel 512 Jul 4 03:51 incoming
8 drwx-wx--- 2 postfix maildrop 512 Jul 4 03:51 maildrop
8 drwxr-xr-x 2 root postfix 512 Jun 13 06:39 pid
8 drwx------ 2 postfix wheel 512 Jul 3 04:01 private
8 drwx--x--- 2 postfix maildrop 512 Jun 25 22:14 public
8 drwx------ 2 postfix wheel 512 May 19 13:05 saved
8 drwx------ 2 postfix wheel 512 Jun 7 04:38 trace

Re: Ownership question

By Rich Shepard at 07/04/2019 - 08:46

Likely not. I've used the same build script for years.

Thank you. That's why the logwatch warnings puzzled me.

Regards,

Rich

Re: Ownership question

By LuKreme at 07/04/2019 - 09:26

On 4 Jul 2019, at 06:46, Rich Shepard <rshepard@appl-ecosys.com> wrote:
Well, something has changed and it is not the permissions that postfix expects on the folder. If it cannot launch with proper permissions set it seems likely that the OS is blocking something.

The log warnings you showed in your original post are correct.
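
An added example, not part of the thread and not Postfix's own code: a read-only Python check that applies the ownership layout shown in the two listings above (root owns the queue directory itself and pid/, the mail owner owns the other subdirectories, maildrop/ and public/ carry the set-gid group) and reproduces the two warnings from the first post. The function names, the default account names and the sample rows are assumptions built from those listings; the check only reports, and repairs stay with 'postfix set-permissions' as advised above.

```python
import grp
import os
import pwd
import stat

ROOT_OWNED = {".", "pid"}             # per the thread: queue directory itself and pid/
SETGID_DIRS = {"maildrop", "public"}  # group is the set-gid group in both listings
QUEUES = ["active", "bounce", "corrupt", "defer", "deferred", "flush",
          "hold", "incoming", "private", "saved", "trace"]

def audit(entries, mail_owner="postfix", setgid_group="postdrop"):
    """entries: iterable of (name, owner, group). Returns a list of warnings."""
    findings = []
    for name, owner, group in entries:
        if name in ROOT_OWNED:
            if owner != "root":
                findings.append(f"not owned by root: {name}")
        elif owner != mail_owner:
            findings.append(f"not owned by {mail_owner}: {name}")
        if name in SETGID_DIRS and group != setgid_group:
            findings.append(f"not owned by group {setgid_group}: {name}")
    return findings

def _name(lookup, ident, field):
    """Resolve a uid/gid to a name; fall back to the number if it is unknown."""
    try:
        return getattr(lookup(ident), field)
    except KeyError:
        return str(ident)

def scan(queue_dir):
    """Read (name, owner, group) for the queue directory and its subdirectories."""
    rows = []
    for name in ["."] + sorted(os.listdir(queue_dir)):
        st = os.lstat(os.path.join(queue_dir, name))  # lstat: do not follow symlinks
        if stat.S_ISDIR(st.st_mode):
            rows.append((name, _name(pwd.getpwuid, st.st_uid, "pw_name"),
                         _name(grp.getgrgid, st.st_gid, "gr_name")))
    return rows

# Constructed sample: owner/group columns of the Slackware listing in the first
# post, with "." as described there (owner changed from root to postfix).
SLACKWARE = ([(".", "postfix", "postfix"), ("pid", "postfix", "root")]
             + [(d, "postfix", "postfix") for d in QUEUES]
             + [(d, "postfix", "postdrop") for d in sorted(SETGID_DIRS)])

if __name__ == "__main__":
    for warning in audit(SLACKWARE):
        print(warning)
```

On a live system, pass scan('/var/spool/postfix') to audit() with the account names your installation uses.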