I just loaded up Postfix on Ubuntu 12.04 (following several guides), and most said to change the file permissions in the /etc/postfix/maps (user.cf, alias.cf, domain.cf) to 700 and owned by the postfix user.
Yet, when I do this, those files can't be read. I had to chmod 777 the whole folder for postfix to work. Any ideas on how I can troubleshoot this so I don't have to use 777 for the whole directory?
I know it's a permission issue, and postfix should be running under the postfix account, I just thought I might ask you guys for your recommendations.
Asked for information:
ps aux | grep postfix
root 1839 0.0 0.1 158844 864 ? Ss Dec28 0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
root 1840 0.0 0.2 158844 1040 ? S Dec28 0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
root 1841 0.0 0.1 158844 912 ? S Dec28 0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
root 1842 0.0 0.1 158844 844 ? S Dec28 0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
root 1844 0.0 0.1 158844 924 ? S Dec28 0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
root 2633 0.0 0.0 25108 356 ? Ss Dec28 0:00 /usr/lib/postfix/master
postfix 2637 0.0 0.0 27336 368 ? S Dec28 0:00 qmgr -l -t fifo -u
postfix 2697 0.0 0.1 38244 980 ? S Dec28 0:00 tlsmgr -l -t unix -u -c
root 18742 0.0 0.1 9388 884 pts/1 S+ 00:11 0:00 grep --color=auto postfix
ls -al /etc/postfix
drwxr-xr-x 4 root root 4096 Dec 28 16:29 .
drwxr-xr-x 117 root root 4096 Dec 28 17:24 ..
-rw-r--r-- 1 root root 329 Dec 24 21:33 dynamicmaps.cf
-rw-r--r-- 1 root root 2216 Dec 28 16:29 main.cf
-rw-r--r-- 1 root root 1370 Dec 24 21:44 main.cf.old
drwxrwxrwx 2 root postfix 4096 Dec 28 17:10 maps
-rw-r--r-- 1 root root 4797 Dec 24 21:46 master.cf
-rw-r--r-- 1 root root 19707 Oct 23 10:10 postfix-files
-rwxr-xr-x 1 root root 8729 Oct 23 10:10 postfix-script
-rwxr-xr-x 1 root root 26498 Oct 23 10:10 post-install
drwxr-xr-x 2 root root 4096 Dec 24 21:55 sasl
When I would receive error messages, they would be:
Dec 28 17:04:43 prodserv1 postfix/virtual[7194]: error: open /etc/postfix/maps/user.cf: Permission denied
Dec 28 17:04:43 prodserv1 postfix/virtual[7194]: warning: mysql:/etc/postfix/maps/user.cf is unavailable. open /etc/postfix/maps/user.cf: Permission denied
Dec 28 17:04:43 prodserv1 postfix/virtual[7194]: warning: table virtual_mailbox_maps: lookup username@mydomain.com: Permission denied
Best Answer
The postfix master process manager runs as root.
This process can therefore access anything it pleases, and hence is not the issue.
However, any service in master.cf that has the 2nd column of its service definition ("Unprivileged") set to "y", runs under the user account set with mail_owner in main.cf.
This user, or its primary group, must have read access to all map files: