Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 107100 - no supplemental groups for postfix delivery agent
no supplemental groups for postfix delivery agent
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: postfix (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: John Dennis
http://archives.neohapsis.com/archive...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-10-14 20:24 EDT by Bill Rugolsky, Jr.
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-01-12 17:28:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Bill Rugolsky, Jr. 2003-10-14 20:24:56 EDT 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031009

Description of problem:
When postfix invokes an external delivery agent, it doesn't call initgroups() to
initialize the supplemental groups.  When using procmail, this can lead readily
lead to permission errors.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Switch to Postfix mta (as root)
   su -c 'echo "mailbox_command = /usr/bin/procmail" >> /etc/postfix/main.cf'
   redhat-switchmail # choose postfix
   
2. Put yourself in a supplementary group
   su -c "usermod -G wheel $LOGNAME" # add yourself to wheel
3. Set up a procmailrc to examine mda credentials
   cat > ~/.procmailrc <<'EOI'
:0 c
| id -a >> $HOME/id.log
EOI
3. Send yourself some empty mail
   mail -s test $LOGNAME </dev/null
4. Examine the contents of id.log
   cat ~/id.log 

Actual Results:  uid=500(rugolsky) gid=501(rugolsky) groups=501(rugolsky)


Expected Results:  uid=500(rugolsky) gid=501(rugolsky)
groups=501(rugolsky),10(wheel)

Additional info:

A workaround is to use an MDA command that invokes initgroups() first,  e.g.,
"sudo -u $LOGNAME /usr/bin/procmail", assuming sudo is set up correctly.
Comment 1 Chris Ricker 2003-12-11 18:33:29 EST 
This should probably be taken up by reminding Wietse upstream, rather
than with Red Hat....
Comment 2 John Dennis 2004-01-12 17:28:08 EST 
I agree with Chris, this is an upstream issue.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.