public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

postfix: add setgid wrapper for postqueue/postdrop

Browse Source 
Both postqueue[1] and postdrop[2] implement a subset of administration
task that are supposed to be run unprivileged users
and require the setgid bit to full-fill this task.

[1] http://www.postfix.org/postqueue.1.html
[2] http://www.postfix.org/postdrop.1.html
This commit is contained in:
Jörg Thalheim 2018-10-15 13:12:06 +01:00
parent b7d3974678
commit 91ddc9d27f
No known key found for this signature in database
GPG Key ID: CA4106B8D7CC79FA
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
nixos/modules/services/mail/postfix.nix
View File

@ -602,7 +602,7 @@ in
target = "postfix"; target = "postfix";
}; };
# This makes comfortable for root to run 'postqueue' for example. # This makes it comfortable to run 'postqueue/postdrop' for example.
systemPackages = [ pkgs.postfix ]; systemPackages = [ pkgs.postfix ];
}; };
@ -616,6 +616,22 @@ in
setgid = true; setgid = true;
}; };
security.wrappers.postqueue = {
program = "postqueue";
source = "${pkgs.postfix}/bin/postqueue";
group = setgidGroup;
setuid = false;
setgid = true;
};
security.wrappers.postdrop = {
program = "postdrop";
source = "${pkgs.postfix}/bin/postdrop";
group = setgidGroup;
setuid = false;
setgid = true;
};
users.users = optional (user == "postfix") users.users = optional (user == "postfix")
{ name = "postfix"; { name = "postfix";
description = "Postfix mail server user"; description = "Postfix mail server user";