Bug 107100 - no supplemental groups for postfix delivery agent
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: postfix
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: John Dennis
http://archives.neohapsis.com/archive...
Reported: 2003-10-14 20:24 EDT by Bill Rugolsky, Jr.
Modified: 2007-11-30 17:10 EST (History)
Doc Type: Bug Fix
Last Closed: 2004-01-12 17:28:08 EST
Description Bill Rugolsky, Jr. 2003-10-14 20:24:56 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031009

Description of problem:
When postfix invokes an external delivery agent, it doesn't call initgroups() to
initialize the supplemental groups.  When using procmail, this can readily
lead to permission errors.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Switch to Postfix mta (as root)
   su -c 'echo "mailbox_command = /usr/bin/procmail" >> /etc/postfix/main.cf'
   redhat-switchmail # choose postfix
   
2. Put yourself in a supplementary group
   su -c "usermod -G wheel $LOGNAME" # add yourself to wheel
3. Set up a procmailrc to examine mda credentials
   cat > ~/.procmailrc <<'EOI'
:0 c
| id -a >> $HOME/id.log
EOI
4. Send yourself some empty mail
   mail -s test $LOGNAME </dev/null
5. Examine the contents of id.log
   cat ~/id.log

Actual Results:  uid=500(rugolsky) gid=501(rugolsky) groups=501(rugolsky)


Expected Results:  uid=500(rugolsky) gid=501(rugolsky) groups=501(rugolsky),10(wheel)

Additional info:

A workaround is to use an MDA command that invokes initgroups() first,  e.g.,
"sudo -u $LOGNAME /usr/bin/procmail", assuming sudo is set up correctly.
Comment 1 Chris Ricker 2003-12-11 18:33:29 EST
This should probably be taken up by reminding Wietse upstream, rather
than with Red Hat....

Comment 2 John Dennis 2004-01-12 17:28:08 EST
I agree with Chris, this is an upstream issue.
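
The symptom in this report can be checked from inside the delivery agent itself. The C program below is an added example, not part of the original report or of Postfix: it compares the supplementary groups the running process holds (getgroups) with the groups the user database assigns (getgrouplist, the same lookup initgroups() performs). The helper name missing_groups is an assumption made for this example.

```c
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy into out[] each gid in want[] that is neither egid nor in have[].
 * Returns how many were copied. */
int missing_groups(const gid_t *want, int nwant, const gid_t *have, int nhave,
                   gid_t egid, gid_t *out)
{
    int n = 0;
    for (int i = 0; i < nwant; i++) {
        int found = (want[i] == egid);
        for (int j = 0; j < nhave && !found; j++)
            found = (have[j] == want[i]);
        if (!found)
            out[n++] = want[i];
    }
    return n;
}

int main(void)
{
    struct passwd *pw = getpwuid(geteuid());
    if (!pw) { fprintf(stderr, "no passwd entry for this uid\n"); return 2; }
    /* Supplementary groups the kernel holds for this process. */
    int nhave = getgroups(0, NULL);
    gid_t *have = calloc(nhave > 0 ? nhave : 1, sizeof *have);
    if (nhave < 0 || !have || (nhave = getgroups(nhave, have)) < 0) { perror("getgroups"); return 2; }

    /* Groups the user database lists; a short buffer yields -1 and the needed size in nwant. */
    int nwant = 64;
    gid_t *want = malloc(nwant * sizeof *want);
    if (want && getgrouplist(pw->pw_name, pw->pw_gid, want, &nwant) == -1) {
        free(want);
        want = malloc(nwant * sizeof *want);
        if (want && getgrouplist(pw->pw_name, pw->pw_gid, want, &nwant) == -1) { free(want); want = NULL; }
    }
    gid_t *miss = want ? malloc((nwant > 0 ? nwant : 1) * sizeof *miss) : NULL;
    if (!miss) { fprintf(stderr, "group lookup failed\n"); return 2; }

    int n = missing_groups(want, nwant, have, nhave, getegid(), miss);
    for (int i = 0; i < n; i++)
        printf("missing supplementary gid %ld\n", (long)miss[i]);
    return n ? 1 : 0;   /* exit 1 when the database grants groups we lack */
}
```

Run from the .procmailrc recipe in place of id -a (with output redirected to a log file), it exits 1 and lists the absent gids when the agent was started without initgroups().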
