From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031009 Description of problem: When postfix invokes an external delivery agent, it doesn't call initgroups() to initialize the supplemental groups. When using procmail, this can lead readily lead to permission errors. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Switch to Postfix mta (as root) su -c 'echo "mailbox_command = /usr/bin/procmail" >> /etc/postfix/main.cf' redhat-switchmail # choose postfix 2. Put yourself in a supplementary group su -c "usermod -G wheel $LOGNAME" # add yourself to wheel 3. Set up a procmailrc to examine mda credentials cat > ~/.procmailrc <<'EOI' :0 c | id -a >> $HOME/id.log EOI 3. Send yourself some empty mail mail -s test $LOGNAME </dev/null 4. Examine the contents of id.log cat ~/id.log Actual Results: uid=500(rugolsky) gid=501(rugolsky) groups=501(rugolsky) Expected Results: uid=500(rugolsky) gid=501(rugolsky) groups=501(rugolsky),10(wheel) Additional info: A workaround is to use an MDA command that invokes initgroups() first, e.g., "sudo -u $LOGNAME /usr/bin/procmail", assuming sudo is set up correctly.
This should probably be taken up by reminding Wietse upstream, rather than with Red Hat....
I agree with Chris, this is an upstream issue.