From 4e9ffbf2241a860f6a4d82a97c63fa82d8722fbc Mon Sep 17 00:00:00 2001
From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Date: Sun, 5 Mar 2023 08:57:40 +0100
Subject: [PATCH] fix(Postfix): special bits for maildrop and public directory (#3149)
* fixed special bits for maildrop and public dir After changing the group, special bits are lost, but they should be set for the directories `/var/spool/postfix/{maildrop,public}`, otherwise you see the following error: ``` postfix/postdrop[17400]: warning: mail_queue_enter: create file maildrop/729504.17400: Permission denied ``` * fix: Match octal permissions originally provided Officially Postfix source seems to imply: - `730` for `maildrop/` (_but has mentioned a sticky bit in the past, set-gid bit only for the postdrop binary involved_) - `710` for `public/` Both folders are assigned the same group that `postdrop` belongs to which has the SGID permission for it's executable. SGID special bit on`public/` doesn't seem necessary, but left as-is to match the default from Debian.
---------
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
---
 target/scripts/startup/setup.d/mail_state.sh | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/target/scripts/startup/setup.d/mail_state.sh b/target/scripts/startup/setup.d/mail_state.sh
index c44b90b0..94421d08 100644
--- a/target/scripts/startup/setup.d/mail_state.sh
+++ b/target/scripts/startup/setup.d/mail_state.sh
@@ -83,6 +83,10 @@ function _setup_save_states
 chown root:root /var/mail-state/spool-postfix
 # These two require the postdrop(103) group:
 chgrp -R postdrop /var/mail-state/spool-postfix/{maildrop,public}
+ # After changing the group, special bits (set-gid, sticky) may be stripped, restore them:
+ # Ref: https://github.com/docker-mailserver/docker-mailserver/pull/3149#issuecomment-1454981309
+ chmod 1730 /var/mail-state/spool-postfix/maildrop
+ chmod 2710 /var/mail-state/spool-postfix/public
 elif [[ ${ONE_DIR} -eq 1 ]]
 then
 _log 'warn' "'ONE_DIR=1' but no volume was mounted to '${STATEDIR}'"
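Review bot: The two octal modes on the added `chmod` lines are unexplained magic numbers; the comment above them says only that special bits are restored, not which bit goes on which directory or why. The commit message notes that upstream Postfix implies `730`/`710` and that the set-gid bit on `public/` is kept only to match Debian's default, and that rationale belongs next to the code, e.g. `# maildrop: 1730 = sticky + rwx,-wx,--- | public: 2710 = set-gid + rwx,--x,--- (set-gid kept to match Debian; upstream uses 710)`. These modes are what confine queue submission to the `postdrop` group, so a failed `chmod` should also be surfaced rather than passed over, for instance `chmod 1730 /var/mail-state/spool-postfix/maildrop || _log 'warn' "Could not restore mode on spool-postfix/maildrop"`. Whether the script already aborts on command failure is not visible here, since `_setup_save_states` starts and ends outside this hunk.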