[csw-devel] SF.net SVN: gar:[8540] csw/mgar/pkg/postfix/branches/postfix-2.6/Makefile

skayser at users.sourceforge.net skayser at users.sourceforge.net
Sun Feb 14 20:59:12 CET 2010 

Revision: 8540
          http://gar.svn.sourceforge.net/gar/?rev=8540&view=rev
Author:   skayser
Date:     2010-02-14 19:59:12 +0000 (Sun, 14 Feb 2010)

Log Message:
-----------
postfix 2.6: fix permission on spool dirs

Modified Paths:
--------------
    csw/mgar/pkg/postfix/branches/postfix-2.6/Makefile

Modified: csw/mgar/pkg/postfix/branches/postfix-2.6/Makefile
===================================================================
--- csw/mgar/pkg/postfix/branches/postfix-2.6/Makefile	2010-02-13 19:39:41 UTC (rev 8539)
+++ csw/mgar/pkg/postfix/branches/postfix-2.6/Makefile	2010-02-14 19:59:12 UTC (rev 8540)
@@ -51,14 +51,21 @@
 # http://article.gmane.org/gmane.os.solaris.opencsw.maintainers/5313
 POSTMSG     = $(DOCDIR)/$(GARNAME)/README.upgradefrom.24
 
+# For file permissions reference and verification purposes, postfix ships
+# /opt/csw/libexec/postfix/postfix-files which contains a list of the
+# desired settings. "postfix check" can be used to verify the permissions,
+# "postfix set-permissions" can be used to adjust them (which shouldn't
+# be necessary from a user standpoint, it's our job to ship the right perms).
+
 # Make postdrop setgid so that it can deliver to $(DEF_QUEUE_DIR)/maildrop
 PROTOTYPE_MODIFIERS = makesgid
-PROTOTYPE_FILES_makesgid = $(sbindir)/postdrop
+PROTOTYPE_FILES_makesgid = $(sbindir)/postdrop $(sbindir)/postqueue
+PROTOTYPE_GROUP_makesgid = postdrop
 PROTOTYPE_PERMS_makesgid = 2755
 
 # Make $(DEF_QUEUE_DIR) subdirs accessible/writable to postfix only
 PROTOTYPE_MODIFIERS += spooldir
-PROTOTYPE_FILES_spooldir = $(DEF_QUEUE_DIR)/*
+PROTOTYPE_FILES_spooldir = $(DEF_QUEUE_DIR)/.*
 PROTOTYPE_USER_spooldir  = postfix
 PROTOTYPE_PERMS_spooldir = 0700
 PROTOTYPE_CLASS_spooldir = ugfiles
@@ -70,6 +77,14 @@
 PROTOTYPE_PERMS_maildrop = 0730
 PROTOTYPE_CLASS_maildrop = ugfiles
 
+# Make $(DEF_QUEUE_DIR)/public accessible by postdrop group, likely
+# used for IPC with other processes (public contains sockets).
+PROTOTYPE_MODIFIERS += public
+PROTOTYPE_FILES_maildrop = $(DEF_QUEUE_DIR)/public
+PROTOTYPE_GROUP_maildrop = postdrop
+PROTOTYPE_PERMS_maildrop = 2710
+PROTOTYPE_CLASS_maildrop = ugfiles
+
 # IMPORTANT! Make $(DEF_QUEUE_DIR)/pid accessible by root only
 # http://www.openwall.com/lists/oss-security/2009/09/18/6
 PROTOTYPE_MODIFIERS += pid


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

More information about the devel mailing list