postfix check warns about symlink being group writable
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
postfix (Debian) | Fix Released | Unknown | | |
postfix (Ubuntu) | Fix Released | Low | Unassigned | |
Xenial | Won't Fix | Low | Unassigned | |
Bug Description
On Xenial, "postfix check" complains like this:
postfix/
postfix/
postfix/
postfix/
postfix/
postfix/
postfix/
Those are symlinks:
root@smtp01:~# ls -l /usr/lib/
lrwxrwxrwx 1 root root 23 Aug 8 15:23 /usr/lib/
Yet the real .so has no permission issue:
# ls -l /usr/lib/
-rw-r--r-- 1 root root 103344 Aug 8 15:23 /usr/lib/
This problem doesn't happen on Trusty.
Additional information:
# lsb_release -rd
Description: Ubuntu 16.04.3 LTS
Release: 16.04
# apt-cache policy postfix
postfix:
Installed: 3.1.0-3ubuntu0.1
Candidate: 3.1.0-3ubuntu0.1
Version table:
*** 3.1.0-3ubuntu0.1 500
500 http://
100 /var/lib/
3.1.0-3 500
500 http://
Changed in postfix (Debian):
status: Unknown → New
Changed in postfix (Debian):
status: New → Fix Released
Changed in postfix (Ubuntu):
status: Triaged → Fix Released
Changed in postfix (Ubuntu Xenial):
importance: Undecided → Low
Changed in postfix (Ubuntu Xenial):
status: Confirmed → Triaged
Changed in postfix (Ubuntu):
assignee: nobody → Alex Monroy (amonroyx)
assignee: Alex Monroy (amonroyx) → nobody
Looking into git, this problem seems to have been introduced with the 3.0.0 release:
$ git remote -v
origin https://git.launchpad.net/postfix (fetch)
origin https://git.launchpad.net/postfix (push)
$ git show 5afd7bb2 -- conf/postfix-script | sed -n '59,81 p' config_ directory/ ." shared_ files" && { daemon_ directory/ . $meta_directory/. $todo" shlib_directory /. $todo"
+ todo="$
+ test -n "$check_
+ todo="$
+ test "$shlib_directory" = "no" ||
+ todo="$
+ }
+ todo=`echo "$todo" | tr ' ' '\12' | sort -u`
find $todo ! -user root \
- -exec $WARN not owned by root: {} \;
+ -exec $WARN not owned by root: {} \;
- todo="$ config_ directory/ ." shared_ files" && todo="$ daemon_ directory/ . $todo"
- test -n "$check_
+ find $todo \( -perm -020 -o -perm -002 \) \
+ -exec $WARN group or other writable: {} \;
- find $todo \
- \( -perm -020 -o -perm -002 \) -type f \
- -exec $WARN group or other writable: {} \;
+ # Check Postfix mail_owner-owned directory tree owner/permissions.
find $data_directory/. ! -user $mail_owner \
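Review bot: The added "find $todo \( -perm -020 -o -perm -002 \) \" for the group-or-other-writable check has lost the "-type f" test that the removed version carried ("\( -perm -020 -o -perm -002 \) -type f \"), so the permission test now runs against every entry under $todo rather than regular files only. Symbolic links carry their own lrwxrwxrwx mode and will therefore always match, whatever the mode of the file they point to. Keep "-type f" on this find, or, if directories are now meant to be covered as well, exclude links explicitly with "! -type l", so the warning is only raised for entries whose mode bits actually control write access.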
In the above, the "-type f" argument of the last find was dropped, causing the issue.
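The false positive described in this report can be reproduced in a throwaway directory. This is an added example, not code from the bug report or from Postfix: all file names are constructed, and the -L variant is an assumption about how an audit could still cover link targets, not the fix that was released.

```shell
#!/bin/sh
# Constructed sandbox (all names are made up): a 0644 library with a symlink
# to it, as in the report, plus a truly group-writable file and a symlink
# whose target lives outside the checked tree.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir "$root/tree" "$root/outside"
    chmod 0755 "$root/tree" "$root/outside"
    : > "$root/tree/libexample.so.1.0"; chmod 0644 "$root/tree/libexample.so.1.0"
    ln -s libexample.so.1.0 "$root/tree/libexample.so"
    : > "$root/tree/loose.cf";          chmod 0664 "$root/tree/loose.cf"
    : > "$root/outside/ext.so.1";       chmod 0664 "$root/outside/ext.so.1"
    ln -s ../outside/ext.so.1 "$root/tree/ext.so"
    printf '%s\n' "$root/tree"
}

# Permission test with no -type filter, as in the added lines of the diff:
# -perm is applied to the symlink's own mode (lrwxrwxrwx on Linux).
check_without_type() {
    find "$1" \( -perm -020 -o -perm -002 \) -exec basename {} \; | LC_ALL=C sort
}

# Same test restricted to regular files, as in the removed lines.
check_with_type() {
    find "$1" \( -perm -020 -o -perm -002 \) -type f -exec basename {} \; | LC_ALL=C sort
}

# Variation (assumption, not from the page): -L makes find test the link
# target, so a link to a writable file outside the tree is still reported.
check_follow_links() {
    find -L "$1" \( -perm -020 -o -perm -002 \) -type f -exec basename {} \; | LC_ALL=C sort
}

tree=$(make_sandbox)
echo "no -type filter:";  check_without_type "$tree"
echo "with -type f:";     check_with_type "$tree"
echo "with -L -type f:";  check_follow_links "$tree"
rm -rf "${tree%/tree}"
```

With "-type f" alone, a symlink whose target sits outside the searched directories is skipped entirely, which is why the -L variant reports ext.so while the plain one does not.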