From: kclair (no email)
Date: Wed Nov 01 2006 - 08:51:36 EST
On Tue, Oct 31, 2006 at 06:44:07PM -0500, Wietse Venema wrote:
> kclair:
> > Hello,
> >
> > I'm trying to use a content filter using an external command via
> > master.cf. I can't really wrap my head around the permissions
> > problems that I'm seeing, and I'm wondering if anyone can shed any
> > light on it.
> >
> > The line(s) in master.cf:
> > filter unix - n n - 10 pipe
> > flags=Rq user=filter argv=/usr/local/anomy/filter.sh -f ${sender} --
> > ${recipient}
> >
> > This should be executing this command as the user "filter", right?
> >
> > The permissions of the script:
> > -rwxr-x--- 1 root filter 1123 2006-10-31 14:13 filter.sh
>
> This file is executable if:
>
> the process has the NUMERICAL uid of the root USER.
>
> the process has the NUMERICAL gid of the filter GROUP.
>
> Nowhere does it say that a process with the numerical
> uid of the filter USER has execute permission.
But the filter user is part of the filter group, so shouldn't that
grant the filter user permission to execute the file?
And also, when I run the program from the command line as the user
filter, it executes with no permissions problem.
I guess I am not understanding why it is different when it is
executed by postfix. Does it not matter in that case that user filter
is part of group filter?
Thanks,
Kristina
|
|
|