Menu
▾
▴
Re: [Mailwatch-users] permissions on postfix queue directories
|
From: Bart J. S. <ba...@sm...> - 2014-03-21 21:01:46
|
Does
sudo setenforce 0
Make any difference?
Bart...
On 21/03/2014 17:17, "Stef Morrell" <st...@ao...> wrote:
>On 21 March 2014 16:47 L.P.H. van Belle [mailto:be...@ba...] wrote:
>> Wel good it fixed, but strange.
>>
>> this is the postfix part in my funtions.php
>>
>> and furtheron.
>>
>> // Postfix if mta = postfix
>> if ($mta == 'postfix' && ($_SESSION['user_type'] == 'A')) {
>> if (is_readable($incomingdir) && is_readable($outgoingdir))
>>{
>
>This test returns FALSE, unless I hard code $incomingdir and $outgoingdir
>just above (where normally it reads it from MailScanner.conf).
>
>It's all terribly odd.
>
>
>>
>> >-----Oorspronkelijk bericht-----
>> >Van: Stef Morrell [mailto:st...@ao...]
>> >Verzonden: vrijdag 21 maart 2014 17:31
>> >Aan: mai...@li...
>> >Onderwerp: Re: [Mailwatch-users] permissions on postfix queue
>> >directories
>> >
>> >Hello Louis
>> >
>> >On 21 March 2014 16:06 L.P.H. van Belle [mailto:be...@ba...] wrote:
>> >> There is nothing wrong with the code.
>> >
>> >No, I don't know that there is.
>> >
>> >> Does this work?
>> >>
>> >> sudo su apache
>> >> now as user apache try.
>> >>
>> >> cd /var/spool/postfix/hold
>> >>
>> >> cd /var/spool/MailScanner
>> >
>> >Oh yes, that works fine I'd already tried it, in fact.
>> >
>> >> code is correct, really, im running the same here, but then
>> >on debian.
>> >> what does you webserver logs exaclty say?
>> >
>> >Webserver logs show some php errors relating to jpgraph, but
>> >nothing about permissions.
>> >
>> >Actually, I knocked up a little test php script to see if
>> >apache could access the folders and it turns out it can.
>> >
>> >So, I've manually specified the paths at lines 289/290 of
>> >functions.php and now the problem has gone away.
>> >
>> >And I can't explain that either, as it appeared to be getting
>> >the paths correctly from MailScanner.conf and indeed
>> >MailScanner works perfectly with those entries.
>> >
>> >Stef
>> >
>> >
>> >>
>> >> >-----Oorspronkelijk bericht-----
>> >> >Van: Stef Morrell [mailto:st...@ao...]
>> >> >Verzonden: vrijdag 21 maart 2014 15:46
>> >> >Aan: mai...@li...
>> >> >Onderwerp: Re: [Mailwatch-users] permissions on postfix queue
>> >> >directories
>> >> >
>> >> >I wonder if we are getting off piste here. It's just doing a
>> >> >basic php is_readable() call.
>> >> >(http://us3.php.net/manual/en/function.is-readable.php) and so
>> >> >should be a basic permissions issue on the web application, ie
>> >> >can apache read the files.
>> >> >
>> >> >The relevant code is:
>> >> >
>> >> > // Mail Queues display
>> >> > $incomingdir = get_conf_var('incomingqueuedir');
>> >> > $outgoingdir = get_conf_var('outgoingqueuedir');
>> >> >
>> >> > // Display the MTA queue
>> >> > // Postfix if mta = postfix
>> >> > if ($mta == 'postfix' && ($_SESSION['user_type'] == 'A')) {
>> >> > if (is_readable($incomingdir) &&
>> >> >is_readable($outgoingdir)) {
>> >> > $inq = postfixinq();
>> >> > $outq = postfixallq() - $inq;
>> >> > echo ' <tr><td colspan="3" class="heading"
>> >> >align="center">Mai
>> >> >l Queues</td></tr>' . "\n";
>> >> > echo ' <tr><td colspan="2"><a
>> >> >href="postfixmailq.php">Inbound
>> >> >:</a></td><td align="right">' . $inq . '</td>' . "\n";
>> >> > echo ' <tr><td colspan="2"><a
>> >> >href="postfixmailq.php">Outboun
>> >> >d:</a></td><td align="right">' . $outq . '</td>' . "\n";
>> >> > } else {
>> >> > echo ' <tr><td colspan="3">Please verify
>> >> >read permissions on
>> >> >' . $incomingdir . ' and ' . $outgoingdir . '</td></tr>' . "\n";
>> >> > }
>> >> >
>> >> >It gets incoming and outgoing queue dirs from MailScanner.conf
>> >> >and that should be that. A lot of the information you
>> >> >requested really isn't relevant to why is_readable() is
>> >> >returning false in this case.
>> >> >
>> >> >Incoming Queue Dir = /var/spool/postfix/hold
>> >> >Outgoing Queue Dir = /var/spool/postfix/incoming
>> >> >
>> >> >drwxr-xr-x. 19 root root 4096 Feb 28 14:50 /var
>> >> >drwxr-xr-x. 12 root root 4096 Mar 21 10:45 /var/spool/
>> >> >drwxr-xr-x. 17 root root 4096 Mar 7 15:15 /var/spool/postfix
>> >> >
>> >> >/var/spool/postfix/hold:
>> >> >total 8
>> >> >drwxr-x---. 2 postfix apache 4096 Mar 21 14:25 .
>> >> >drwxr-xr-x. 17 root root 4096 Mar 7 15:15 ..
>> >> >
>> >> >/var/spool/postfix/incoming:
>> >> >total 12
>> >> >drwxr-x---. 2 postfix apache 4096 Mar 21 14:25 .
>> >> >drwxr-xr-x. 17 root root 4096 Mar 7 15:15 ..
>> >> >
>> >> >> -----Original Message-----
>> >> >> From: L.P.H. van Belle [mailto:be...@ba...]
>> >> >> Sent: 21 March 2014 14:14
>> >> >> To: Stef Morrell
>> >> >> Cc: mai...@li...
>> >> >> Subject: RE: [Mailwatch-users] permissions on postfix queue
>> >> >directories
>> >> >>
>> >> >> Ok, so the settings are ok.
>> >> >>
>> >> >> you need to re-check the rights on the directories.
>> >> >>
>> >> >> and for example.
>> >> >>
>> >> >> /var/spool/postfix/incoming
>> >> >> needs to be something like.
>> >> >>
>> >> >> /var/ 755
>> >> >> /var/spool/ 755
>> >> >> /var/spool/postfix 755
>> >> >> /var/spool/postfix/incoming 770
>> >> >>
>> >> >> and user apache added to postfix group. ( you check that already )
>> >> >> if on /var/spool/postfix rights are 700, then thats wrong.
>> >> >>
>> >> >> if this isnt working also,
>> >> >>
>> >> >> please post you mailscanner config
>> >> >> and the output of.
>> >> >>
>> >> >> ls -al /var/* | grep spool
>> >> >> ls -al /var/spool/* | egrep "postfix|scanner"
>> >> >> ls -al /var/spool/postfix/*
>> >> >> ls -al /var/spool/MailScanner/*
>> >> >>
>> >> >> cat /etc/group | egrep "postfix|clam|apache|www-data"
>> >> >>
>> >> >> greetz,
>> >> >>
>> >> >> louis
>> >> >>
>> >> >>
>> >> >>
>> >> >> >-----Oorspronkelijk bericht-----
>> >> >> >Van: Stef Morrell [mailto:st...@ao...]
>> >> >> >Verzonden: vrijdag 21 maart 2014 15:06
>> >> >> >Aan: 'mai...@li...'
>> >> >> >Onderwerp: Re: [Mailwatch-users] permissions on postfix queue
>> >> >> >directories
>> >> >> >
>> >> >> >On 21 March 2014 13:32 L.P.H. van Belle [mailto:be...@ba...]
>> >> >> >> Hai can you please check the following in the
>> >mailscanner config.
>> >> >> >
>> >> >> >> <snip some settings>
>> >> >> >
>> >> >> >Yes, have all of that.
>> >> >> >
>> >> >> >> >-----Oorspronkelijk bericht-----
>> >> >> >> >Van: Stef Morrell [mailto:st...@ao...]
>> >> >> >> >Verzonden: vrijdag 21 maart 2014 14:27
>> >> >> >> >Aan: 'mai...@li...'
>> >> >> >> >Onderwerp: Re: [Mailwatch-users] permissions on postfix queue
>> >> >> >> >directories
>> >> >> >> >
>> >> >> >> >Hi
>> >> >> >> >
>> >> >> >> >On 21 March 2014 13:04 L.P.H. van Belle
>> >> >> >[mailto:be...@ba...] wrote:
>> >> >> >> >> this is what you should have.
>> >> >> >> >>
>> >> >> >> >> drwxr-x--- 2 postfix apache 20480 Mar 21 13:59 hold
>> >> >> >> >> drwxr-x--- 2 postfix apache 4096 Mar 21 13:59 incoming
>> >> >> >> >
>> >> >> >> >Yup. Got that.
>> >> >> >> >
>> >> >> >> >> i did :
>> >> >> >> >>
>> >> >> >> >> chown -R postfix:apache /var/spool/postfix/incoming
>> >> >> >> >/var/spool/postfix/hold
>> >> >> >> >> chmod -R 750 /var/spool/postfix/incoming
>> >> >/var/spool/postfix/hold
>> >> >> >> >>
>> >> >> >> >
>> >> >> >> >Same
>> >> >> >> >
>> >> >> >> >> adduser postfix apache
>> >> >> >> >> restart apache and postfix and mailscanner
>> >> >> >> >
>> >> >> >> >postfix and apache are already users on the system, created by
>> >> >> >> >default with Centos
>> >> >> >> >
>> >> >> >> >So, that describes my system exactly - but it's not working!
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >> >-----Oorspronkelijk bericht-----
>> >> >> >> >> >Van: Stef Morrell [mailto:st...@ao...]
>> >> >> >> >> >Verzonden: vrijdag 21 maart 2014 13:39
>> >> >> >> >> >Aan: mai...@li...
>> >> >> >> >> >Onderwerp: [Mailwatch-users] permissions on postfix queue
>> >> >> >> >directories
>> >> >> >> >> >
>> >> >> >> >> >Hi guys,
>> >> >> >> >> >
>> >> >> >> >> >My mailserver is heading onto new (virtual) iron, shiny new
>> >> >> >> >> >64-bit Centos 6.5 and therefore doing a proper job
>> >installing
>> >> >> >> >> >the whole bally lot from scratch so we're all up to date.
>> >> >> >> >> >
>> >> >> >> >> >Which means replacing the 1.0.5 mailwatch with a shiny new
>> >> >> >> >> >1.2.0 from git. Nice.
>> >> >> >> >> >
>> >> >> >> >> >All working nicely, so far.
>> >> >> >> >> >
>> >> >> >> >> >But - I can't seem to get rid of
>> >> >> >> >> >
>> >> >> >> >> >Please verify read permissions on
>> >/var/spool/postfix/hold and
>> >> >> >> >> >/var/spool/postfix/incoming
>> >> >> >> >> >
>> >> >> >> >> >Now, it appears Centos uses the single all-in
>> >directory style
>> >> >> >> >> >for postfix queues, which is fine by me, so I've not got
>> >> >> >> >> >multiple sub-folders to deal with.
>> >> >> >> >> >
>> >> >> >> >> >Original permissions were
>> >> >> >> >> >
>> >> >> >> >> >drwx------. 2 postfix postfix 4096 Mar 21 12:13 hold
>> >> >> >> >> >drwx------. 2 postfix postfix 4096 Mar 21 12:13 incoming
>> >> >> >> >> >
>> >> >> >> >> >I've tried
>> >> >> >> >> >
>> >> >> >> >> >drwxr-x---. 2 postfix apache 4096 Mar 21 12:13 hold
>> >> >> >> >> >drwxr-x---. 2 postfix apache 4096 Mar 21 12:13 incoming
>> >> >> >> >> >
>> >> >> >> >> >Hell, I've even tried
>> >> >> >> >> >
>> >> >> >> >> >drwxrwxrwx. 2 postfix apache 4096 Mar 21 12:33 hold
>> >> >> >> >> >drwxrwxrwx. 2 postfix apache 4096 Mar 21 12:33 incoming
>> >> >> >> >> >
>> >> >> >> >> >I'm semi surprised it's looking at queues at all, as I have
>> >> >> >> >> >
>> >> >> >> >> >// Display the inbound/outbound mail queue lengths
>> >> >> >> >> >// Note: this only works with Sendmail & Exim
>> >> >> >> >> >// You will also need to run mailwatch/mailq.php from cron.
>> >> >> >> >> >define('MAILQ', false);
>> >> >> >> >> >
>> >> >> >> >> >in my conf.php
>> >> >> >> >> >
>> >> >> >> >> >It seems I must be missing something. Can someone
>> >point me at
>> >> >> >> >> >it please? :)
>> >> >> >> >
>> >> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >---------------------------------------------------------------
>> >> >> >---------------
>> >> >> >Learn Graph Databases - Download FREE O'Reilly Book
>> >> >> >"Graph Databases" is the definitive new guide to graph
>> >> >> >databases and their
>> >> >> >applications. Written by three acclaimed leaders in the field,
>> >> >> >this first edition is now available. Download your free
>> >book today!
>> >> >> >http://p.sf.net/sfu/13534_NeoTech
>> >> >> >_______________________________________________
>> >> >> >Mailwatch-users mailing list
>> >> >> >Mai...@li...
>> >> >> >https://lists.sourceforge.net/lists/listinfo/mailwatch-users
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >> >> --
>> >> >> This email has been scanned by the Alpha Omega Computers
>> >MailCrusader
>> >> >> for viruses, spam and dangerous content.
>> >> >> For more information please visit http://www.aoc-uk.com
>> >> >
>> >> >
>> >> >---------------------------------------------------------------
>> >> >---------------
>> >> >Learn Graph Databases - Download FREE O'Reilly Book
>> >> >"Graph Databases" is the definitive new guide to graph
>> >> >databases and their
>> >> >applications. Written by three acclaimed leaders in the field,
>> >> >this first edition is now available. Download your free book today!
>> >> >http://p.sf.net/sfu/13534_NeoTech
>> >> >_______________________________________________
>> >> >Mailwatch-users mailing list
>> >> >Mai...@li...
>> >> >https://lists.sourceforge.net/lists/listinfo/mailwatch-users
>> >> >
>> >> >
>> >>
>> >>
>> >> --
>> >> This email has been scanned by the Alpha Omega Computers MailCrusader
>> >> for viruses, spam and dangerous content.
>> >> For more information please visit http://www.aoc-uk.com
>> >
>> >
>> >---------------------------------------------------------------
>> >---------------
>> >Learn Graph Databases - Download FREE O'Reilly Book
>> >"Graph Databases" is the definitive new guide to graph
>> >databases and their
>> >applications. Written by three acclaimed leaders in the field,
>> >this first edition is now available. Download your free book today!
>> >http://p.sf.net/sfu/13534_NeoTech
>> >_______________________________________________
>> >Mailwatch-users mailing list
>> >Mai...@li...
>> >https://lists.sourceforge.net/lists/listinfo/mailwatch-users
>> >
>> >
>>
>>
>> --
>> This email has been scanned by the Alpha Omega Computers MailCrusader
>> for viruses, spam and dangerous content.
>> For more information please visit http://www.aoc-uk.com
>
>
>--------------------------------------------------------------------------
>----
>Learn Graph Databases - Download FREE O'Reilly Book
>"Graph Databases" is the definitive new guide to graph databases and their
>applications. Written by three acclaimed leaders in the field,
>this first edition is now available. Download your free book today!
>http://p.sf.net/sfu/13534_NeoTech
>_______________________________________________
>Mailwatch-users mailing list
>Mai...@li...
>https://lists.sourceforge.net/lists/listinfo/mailwatch-users
|
