Should I be root or postfix user to execute postfix commands?


Tom Browder
In spite of its old age, I use the "Postfix" book by Kyle Dent for ease of basic reference. I am now stepping through configuration and I can't find whether the postfix commands should be executed as root or the postfix user.

I think it should be as root, but would appreciate an expert opinion.

Thanks.

-Tom

Re: Should I be root or postfix user to execute postfix commands?

Peter Ajamian
On 18/08/17 22:57, Tom Browder wrote:
> In spite of its old age, I use the "Postfix" book by Kyle Dent for ease
> of basic reference. I am now stepping through configuration and I can't
> find whether the postfix commands should be executed as root or the
> postfix user.
>
> I think it should be as root, but would appreciate an expert opinion.

Some commands need to be run as the superuser and some can be run as an
unprivileged user.  I'm not aware of any postfix commands that need to
be run specifically as the postfix user.

The documentation for each command states what the requirements are for
running it.


Peter

Re: Should I be root or postfix user to execute postfix commands?

Benny Pedersen-2
In reply to this post by Tom Browder
Tom Browder wrote on 2017-08-18 12:57:

> I think it should be as root, but would appreciate an expert opinion.

If it's not root, it would be a fail on its own

> Thanks.

+1

Re: Should I be root or postfix user to execute postfix commands?

Ralph Seichter
In reply to this post by Tom Browder
On 18.08.2017 12:57, Tom Browder wrote:

> I can't find whether the postfix commands should be executed as root
> or the postfix user.

"The postfix commands" is ambiguous. While launching Postfix needs to
be done as root, other functions can be performed by other users. For
example, authorized_flush_users and authorized_mailq_users allow you to
configure a list of users that can interact with the mail queue.

-Ralph

Re: Should I be root or postfix user to execute postfix commands?

Tom Browder
On Fri, Aug 18, 2017 at 06:41 Ralph Seichter <[hidden email]> wrote:
> On 18.08.2017 12:57, Tom Browder wrote:
>
> > I can't find whether the postfix commands should be executed as root
> > or the postfix user.
>
> "The postfix commands" is ambiguous. While launching Postfix needs to
> be done as root, other functions can be performed by other users. For
> example, authorized_flush_users and authorized_mailq_users allow you to
> configure a list of users that can interact with the mail queue.

All good info.

Thanks Peter, Benny, and Ralph!

-Tom

Re: Should I be root or postfix user to execute postfix commands?

Viktor Dukhovni
In reply to this post by Tom Browder
On Fri, Aug 18, 2017 at 10:57:35AM +0000, Tom Browder wrote:

> In spite of its old age, I use the "Postfix" book by Kyle Dent for ease of
> basic reference. I am now stepping through configuration and I can't find
> whether the postfix commands should be executed as root or the postfix user.
>
> I think it should be as root, but would appreciate an expert opinion.

Because the Postfix system (master and some delivery agents) can
run commands under multiple user identities, Postfix management
requires root privileges, and most of the content of /etc/postfix
needs to be owned by root and not writable by any other user.

The "postfix" user is an unprivileged service account (think of it
as a Postfix-specific "nobody" account) used to run internal services
at low-privilege (optionally chrooted with root permissions revoked).
While it is possible to perform some tasks as "postfix", you're not
expected to use that account directly, it is used internally by
the Postfix system as appropriate.

--
        Viktor.
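
The ownership rule in the post above (content of /etc/postfix owned by root and not writable by any other user) can be checked with a short script. This is an added example, not part of the original thread or of Postfix itself; the function name `audit_config_dir` and its optional owner-uid argument are made up for illustration.

```shell
#!/bin/sh
# Added example: list entries under a config directory that break the rule
# "owned by root and not writable by any other user".
#
# audit_config_dir DIR [OWNER_UID]   (hypothetical helper, not a Postfix tool)
# Prints one line per finding. Returns 0 if clean, 1 if anything was found,
# 2 if DIR is not a directory.
audit_config_dir() {
    dir=$1
    owner=${2:-0}    # expected owner uid; defaults to 0 (root)
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Symlinks are skipped: their own mode bits are not meaningful,
    # and the link targets inside the tree are checked as regular entries.
    wrong_owner=$(find "$dir" ! -type l ! -user "$owner" -print)
    # Group-writable (020) or world-writable (002) entries.
    writable=$(find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print)

    status=0
    if [ -n "$wrong_owner" ]; then
        printf '%s\n' "$wrong_owner" | sed 's/^/OWNER    /'
        status=1
    fi
    if [ -n "$writable" ]; then
        printf '%s\n' "$writable" | sed 's/^/WRITABLE /'
        status=1
    fi
    return $status
}

# Typical use, as root, on the directory named in the thread:
#   audit_config_dir /etc/postfix
```

Postfix's own `postfix check` command also warns about bad directory and file ownership or permissions.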

Re: Should I be root or postfix user to execute postfix commands?

Tom Browder
On Fri, Aug 18, 2017 at 8:24 AM, Viktor Dukhovni
<[hidden email]> wrote:
...
> The "postfix" user is an unprivileged service account (think of it
> as a Postfix-specific "nobody" account) used to run internal services
> at low-privilege (optionally chrooted with root permissions revoked).
> While it is possible to perform some tasks as "postfix", you're not
> expected to use that account directly, it is used internally by
> the Postfix system as appropriate.

Very clear, Viktor, thanks!

-Tom