Ubuntu: Postfix, maps permissions?

ubuntu postfix permissions

5,068

The postfix master process manager runs as root.
This process can therefore access anything it pleases, and hence is not the issue.

However, any service in master.cf that has the 2nd column of its service definition ("Unprivileged") set to "y", runs under the user account set with mail_owner in main.cf.

This user, or its primary group, must have read access to all map files:

chmod 0640 /etc/postfix/maps/* && chgrp <postfixgroup> /etc/postfix/maps/*

5,068

DavisTasar

Updated on September 18, 2022

Comments

DavisTasar almost 2 years

I just loaded up Postfix on Ubuntu 12.04 (following several guides), and most said to change the file permissions in the /etc/postfix/maps (user.cf, alias.cf, domain.cf) to 700 and owned by the postfix user.

Yet, when I do this, those files can't be read. I had to chmod 777 the whole folder for postfix to work. Any ideas on how I can troubleshoot this so I don't have to use 777 for the whole directory?

I know it's a permission issue, and postfix should be running under the postfix account, I just thought I might ask you guys for your recommendations.

Asked for information:

ps aux | grep postfix

root      1839  0.0  0.1 158844   864 ?        Ss   Dec28   0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
root      1840  0.0  0.2 158844  1040 ?        S    Dec28   0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
root      1841  0.0  0.1 158844   912 ?        S    Dec28   0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
root      1842  0.0  0.1 158844   844 ?        S    Dec28   0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
root      1844  0.0  0.1 158844   924 ?        S    Dec28   0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
root      2633  0.0  0.0  25108   356 ?        Ss   Dec28   0:00 /usr/lib/postfix/master
postfix   2637  0.0  0.0  27336   368 ?        S    Dec28   0:00 qmgr -l -t fifo -u
postfix   2697  0.0  0.1  38244   980 ?        S    Dec28   0:00 tlsmgr -l -t unix -u -c
root     18742  0.0  0.1   9388   884 pts/1    S+   00:11   0:00 grep --color=auto     postfix

ls -al /etc/postfix

drwxr-xr-x   4 root root     4096 Dec 28 16:29 .
drwxr-xr-x 117 root root     4096 Dec 28 17:24 ..
-rw-r--r--   1 root root      329 Dec 24 21:33 dynamicmaps.cf
-rw-r--r--   1 root root     2216 Dec 28 16:29 main.cf
-rw-r--r--   1 root root     1370 Dec 24 21:44 main.cf.old
drwxrwxrwx   2 root postfix  4096 Dec 28 17:10 maps
-rw-r--r--   1 root root     4797 Dec 24 21:46 master.cf
-rw-r--r--   1 root root    19707 Oct 23 10:10 postfix-files
-rwxr-xr-x   1 root root     8729 Oct 23 10:10 postfix-script
-rwxr-xr-x   1 root root    26498 Oct 23 10:10 post-install
drwxr-xr-x   2 root root     4096 Dec 24 21:55 sasl

When I would receive error messages, they would be:

Dec 28 17:04:43 prodserv1 postfix/virtual[7194]: error: open /etc/postfix/maps/user.cf: Permission denied
Dec 28 17:04:43 prodserv1 postfix/virtual[7194]: warning: mysql:/etc/postfix/maps/user.cf is unavailable. open /etc/postfix/maps/user.cf: Permission denied
Dec 28 17:04:43 prodserv1 postfix/virtual[7194]: warning: table virtual_mailbox_maps: lookup [email protected]: Permission denied

Ladadadada over 11 years

Could you add ps aux | grep postfix and ls -la /etc/postfix/ to your question? Also, are you getting an error message? If so, add it too.
DavisTasar over 11 years

Done! I'm not receiving error messages at the moment, however when I was they would appear as above.