Bug 546404

Summary:	mail-mta/postfix-3.0.0 makes /etc/postfix/main.cf permissions insecure on restart
Product:	Gentoo Linux	Reporter:	Hans de Graaff <graaff>
Component:	Current packages	Assignee:	Net-Mail Packages <net-mail+disabled>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Hans de Graaff gentoo-dev

2015-04-13 07:08:32 UTC

postfix 3.0.0 actively changes file permissions on /etc/postfix/main.cf on restart. The mtime of the file is also altered. This should be easy to reproduce:


# ls -l /etc/postfix/main.cf 
-r--r--r-- 1 root root 27152 Apr 13 08:47 /etc/postfix/main.cf


# /etc/init.d/postfix restart
 * Stopping postfix  ...                                                                                                                               [ ok ]
 * Starting postfix  ...                                                                                                                               [ ok ]


# ls -l /etc/postfix/main.cf 
-rw-r--r-- 1 root root 27152 Apr 13 09:05 /etc/postfix/main.cf



Postfix should not concern itself with file permissions on its configuration files and it should not alter the mtime of the file. In fact, it should not try to tinker with this file post-installation at all.

Apart from being a bad idea in the first place, this behavior also interacts very badly with configuration management tools like puppet. Currently I have a continous tug-of-war between puppet and postfix over this file.

Comment 1 Eray Aslan gentoo-dev

2015-04-13 07:51:21 UTC

Should be fixed in =mail-mta/postfix-3.0.1.