* [pmg-devel] [PATCH api v4 02/10] pmg-smtp-filter: move pid file into /run/pmg-smtp-filter
2024-07-10 14:35 [pmg-devel] [PATCH api v4 01/10] pmgpolicy: move pid file into /run/pmgpolicy Maximiliano Sandoval
@ 2024-07-10 14:35 ` Maximiliano Sandoval
2024-07-12 9:54 ` Fiona Ebner
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 03/10] config: store config lock in smtp-filter runtime dir Maximiliano Sandoval
` (7 subsequent siblings)
8 siblings, 1 reply; 12+ messages in thread
From: Maximiliano Sandoval @ 2024-07-10 14:35 UTC (permalink / raw)
To: pmg-devel
We use systemd's RuntimeDirectory to ensure the directory exists when needed.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
debian/pmg-smtp-filter.service | 3 ++-
src/PMG/Utils.pm | 2 +-
src/bin/pmg-smtp-filter | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/debian/pmg-smtp-filter.service b/debian/pmg-smtp-filter.service
index cbf2d6f..c887dc2 100644
--- a/debian/pmg-smtp-filter.service
+++ b/debian/pmg-smtp-filter.service
@@ -11,10 +11,11 @@ ExecStart=/usr/bin/pmg-smtp-filter
KillMode=mixed
TimeoutStopSec=40
ExecReload=/bin/kill -HUP $MAINPID
-PIDFile=/run/pmg-smtp-filter.pid
+PIDFile=/run/pmg-smtp-filter/pmg-smtp-filter.pid
Type=forking
Restart=on-abort
RestartSec=10
+RuntimeDirectory=pmg-smtp-filter
[Install]
WantedBy=multi-user.target
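Review bot: `RuntimeDirectory=pmg-smtp-filter` is added without `RuntimeDirectoryMode=`, so the directory gets the default mode 0755 and is removed by systemd whenever the unit stops. Since 03/10 also puts the config dump and its lock into this directory, it is worth stating the mode explicitly here and deciding whether `RuntimeDirectoryPreserve=` is needed so those files survive a stop or restart.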
diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
index 5d9ded4..09cb42d 100644
--- a/src/PMG/Utils.pm
+++ b/src/PMG/Utils.pm
@@ -1462,7 +1462,7 @@ sub get_pg_server_version {
sub reload_smtp_filter {
- my $pid_file = '/run/pmg-smtp-filter.pid';
+ my $pid_file = '/run/pmg-smtp-filter/pmg-smtp-filter.pid';
my $pid = PVE::Tools::file_read_firstline($pid_file);
return 0 if !$pid;
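Review bot: In `reload_smtp_filter`, `return 0 if !$pid` now also covers the case where the daemon is still running with its PID file at the old `/run/pmg-smtp-filter.pid`, so a reload requested during or right after the upgrade is skipped without any log message. Consider falling back to the old path for a transition period, or at least logging when neither file is found.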
diff --git a/src/bin/pmg-smtp-filter b/src/bin/pmg-smtp-filter
index 6061459..b19242a 100755
--- a/src/bin/pmg-smtp-filter
+++ b/src/bin/pmg-smtp-filter
@@ -80,7 +80,7 @@ if (!GetOptions(
exit (-1);
}
-$opt_pidfile = "/run/${prog_name}.pid" if !$opt_pidfile;
+$opt_pidfile = "/run/pmg-smtp-filter/${prog_name}.pid" if !$opt_pidfile;
my $max_servers = 1;
my $min_servers = 1;
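Review bot: The new default for `$opt_pidfile` points into `/run/pmg-smtp-filter/`, which is only created by `RuntimeDirectory=` in the unit file, so starting the binary outside systemd without an explicit pid file has no directory to write into. Either create the directory when it is missing or document the requirement. The directory name is also hard-coded while the file name uses `${prog_name}`; it should be one or the other.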
--
2.39.2
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [pmg-devel] [PATCH api v4 02/10] pmg-smtp-filter: move pid file into /run/pmg-smtp-filter
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 02/10] pmg-smtp-filter: move pid file into /run/pmg-smtp-filter Maximiliano Sandoval
@ 2024-07-12 9:54 ` Fiona Ebner
[not found] ` <s8ottgq2784.fsf@proxmox.com>
0 siblings, 1 reply; 12+ messages in thread
From: Fiona Ebner @ 2024-07-12 9:54 UTC (permalink / raw)
To: Maximiliano Sandoval, pmg-devel
Am 10.07.24 um 16:35 schrieb Maximiliano Sandoval:
> diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
> index 5d9ded4..09cb42d 100644
> --- a/src/PMG/Utils.pm
> +++ b/src/PMG/Utils.pm
> @@ -1462,7 +1462,7 @@ sub get_pg_server_version {
>
> sub reload_smtp_filter {
>
> - my $pid_file = '/run/pmg-smtp-filter.pid';
> + my $pid_file = '/run/pmg-smtp-filter/pmg-smtp-filter.pid';
> my $pid = PVE::Tools::file_read_firstline($pid_file);
>
> return 0 if !$pid;
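Review bot: The PID path in `reload_smtp_filter` is a second copy of the literal that `src/bin/pmg-smtp-filter` also builds for its default; a shared constant for the runtime directory would keep the two from drifting apart on the next move.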
Can there be a race here during/after update? I.e. service still running
with PID file in old path and reload_smtp_filter() is called only
checking the new path. Does something ensure this can't happen?
Otherwise, I suppose we'll need to check the old path too until the next
major release.
And what about the other way around, i.e. service already running with
PID file in new path and old version of reload_smtp_filter() called
still checking the old path?
^ permalink raw reply [flat|nested] 12+ messages in thread
* [pmg-devel] [PATCH api v4 03/10] config: store config lock in smtp-filter runtime dir
2024-07-10 14:35 [pmg-devel] [PATCH api v4 01/10] pmgpolicy: move pid file into /run/pmgpolicy Maximiliano Sandoval
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 02/10] pmg-smtp-filter: move pid file into /run/pmg-smtp-filter Maximiliano Sandoval
@ 2024-07-10 14:35 ` Maximiliano Sandoval
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 04/10] create new users for the rule db Maximiliano Sandoval
` (6 subsequent siblings)
8 siblings, 0 replies; 12+ messages in thread
From: Maximiliano Sandoval @ 2024-07-10 14:35 UTC (permalink / raw)
To: pmg-devel
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
src/PMG/Config.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index a0daba3..95bc57b 100644
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -1819,8 +1819,8 @@ my $pmg_service_params = {
},
};
-my $smtp_filter_cfg = '/run/pmg-smtp-filter.cfg';
-my $smtp_filter_cfg_lock = '/run/pmg-smtp-filter.cfg.lck';
+my $smtp_filter_cfg = '/run/pmg-smtp-filter/pmg-smtp-filter.cfg';
+my $smtp_filter_cfg_lock = '/run/pmg-smtp-filter/pmg-smtp-filter.cfg.lck';
sub dump_smtp_filter_config {
my ($self) = @_;
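Review bot: `$smtp_filter_cfg_lock` moves while processes from the old package version may still take the lock at `/run/pmg-smtp-filter.cfg.lck`, so old and new code can both write the config during an upgrade without excluding each other. The new location is also inside the unit's `RuntimeDirectory=` from 02/10, which exists only while pmg-smtp-filter.service is running, so please confirm that `dump_smtp_filter_config` is never called with the service stopped, and add a commit message explaining the move.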
--
2.39.2
^ permalink raw reply [flat|nested] 12+ messages in thread
* [pmg-devel] [PATCH api v4 04/10] create new users for the rule db
2024-07-10 14:35 [pmg-devel] [PATCH api v4 01/10] pmgpolicy: move pid file into /run/pmgpolicy Maximiliano Sandoval
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 02/10] pmg-smtp-filter: move pid file into /run/pmg-smtp-filter Maximiliano Sandoval
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 03/10] config: store config lock in smtp-filter runtime dir Maximiliano Sandoval
@ 2024-07-10 14:35 ` Maximiliano Sandoval
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 05/10] postinstall: add new group for shared functionality Maximiliano Sandoval
` (5 subsequent siblings)
8 siblings, 0 replies; 12+ messages in thread
From: Maximiliano Sandoval @ 2024-07-10 14:35 UTC (permalink / raw)
To: pmg-devel
These users will be used by the pmg-smtp-filter and pmgpolicy. We add a
helper function to open the rule_db as a given user.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
debian/postinst | 8 ++++++++
src/PMG/DBTools.pm | 26 ++++++++++++++++++++++++--
src/bin/pmg-smtp-filter | 4 ++--
src/bin/pmgpolicy | 6 +++---
4 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/debian/postinst b/debian/postinst
index 770c944..63ed604 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -48,6 +48,10 @@ migrate_apt_auth_conf() {
fi
}
+migrate_pmg_smtp_filter() {
+ pmgdb update >/dev/null 2>&1 &
+}
+
case "$1" in
triggered)
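Review bot: `migrate_pmg_smtp_filter` runs `pmgdb update >/dev/null 2>&1 &` in the background with all output discarded, so postinst returns before the new database roles exist and a failed update leaves no trace. Run it in the foreground, or at least keep stderr, so that the daemons are not started against a database that does not know their role yet.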
@@ -67,6 +71,10 @@ case "$1" in
if test ! -e /proxmox_install_mode ; then
+ if test -n "$2" && dpkg --compare-versions "$2" 'lt' '8.1.3'; then
+ migrate_pmg_smtp_filter
+ fi
+
pmgconf="/etc/pmg/pmg.conf"
if test -n "$2" && dpkg --compare-versions "$2" 'lt' '8.0.2'; then
# on upgrade add pre 8.0 default values for advfilter, use_awl and use_bayes
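Review bot: The `test -n "$2"` guard means `migrate_pmg_smtp_filter` only runs on upgrades from versions below 8.1.3, so a fresh installation never goes through it. Please confirm that the roles and grants are created on the fresh-install path as well, and that '8.1.3' is the version this series will actually ship in.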
diff --git a/src/PMG/DBTools.pm b/src/PMG/DBTools.pm
index 8770d06..e653d8f 100644
--- a/src/PMG/DBTools.pm
+++ b/src/PMG/DBTools.pm
@@ -38,7 +38,7 @@ sub cgreylist_merge_sql {
}
sub open_ruledb {
- my ($database, $host, $port) = @_;
+ my ($database, $host, $port, $user) = @_;
$port //= 5432;
@@ -74,13 +74,19 @@ sub open_ruledb {
return $rdb;
} else {
my $dsn = "DBI:Pg:dbname=$database;host=/var/run/postgresql;port=$port";
- my $user = $> == 0 ? 'root' : 'www-data';
+ $user //= $> == 0 ? 'root' : 'www-data';
my $dbh = DBI->connect($dsn, $user, undef, { PrintError => 0, RaiseError => 1 });
return $dbh;
}
}
+sub open_ruledb_as {
+ my ($database, $user) = @_;
+
+ open_ruledb($database, undef, undef, $user);
+}
+
sub delete_ruledb {
my ($dbname) = @_;
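Review bot: `open_ruledb_as` connects over the unix socket with `undef` as the password, so whether the connection succeeds depends on PostgreSQL accepting the calling OS user for the requested role. From this patch until 10/10 the daemons still run as root but request 'pmg-smtp-filter' or 'pmgpolicy', which needs either a matching authentication rule or a reordering of the series to stay bisectable. The new sub should also end in an explicit `return open_ruledb(...)` instead of relying on the implicit return value.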
@@ -609,6 +615,22 @@ sub upgradedb {
}
}
+ foreach my $user ('pmgpolicy', 'pmg-smtp-filter') {
+ eval {
+ my $silent_opts = { outfunc => sub {}, errfunc => sub {} };
+ postgres_admin_cmd('createuser', $silent_opts, '-D', $user);
+
+ $dbh->begin_work;
+ $dbh->do("GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO \"$user\"");
+ $dbh->do("GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO \"$user\"");
+ $dbh->commit;
+
+ };
+ if (my $err = $@) {
+ $dbh->rollback;
+ }
+ }
+
foreach my $table (keys %$tables) {
eval { $dbh->do("ANALYZE $table"); };
warn $@ if $@;
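Review bot: In the new `foreach my $user` block, `createuser` and the two `GRANT` statements share one `eval` whose error is discarded, so if `postgres_admin_cmd` dies because the role already exists, the grants are skipped silently on every later `upgradedb` run. `GRANT ... ON ALL TABLES` only covers tables that exist at that moment, so tables added by a later schema upgrade stay inaccessible to both users. Create the role only when it is missing, run the grants unconditionally, and `warn` on `$err` like the `ANALYZE` loop below does. It is also worth checking whether both daemons really need INSERT, UPDATE and DELETE on every table.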
diff --git a/src/bin/pmg-smtp-filter b/src/bin/pmg-smtp-filter
index b19242a..9f46941 100755
--- a/src/bin/pmg-smtp-filter
+++ b/src/bin/pmg-smtp-filter
@@ -387,7 +387,7 @@ sub load_config {
PMG::MailQueue::create_spooldirs($self->{cinfo}->{local}->{cid});
eval {
- my $dbh = PMG::DBTools::open_ruledb ($database);
+ my $dbh = PMG::DBTools::open_ruledb_as($database, 'pmg-smtp-filter');
$self->{ruledb} = PMG::RuleDB->new ($dbh);
# load rulecache
@@ -538,7 +538,7 @@ sub run_dequeue {
my $cinfo = PVE::INotify::read_file("cluster.conf");
- my $dbh = eval { PMG::DBTools::open_ruledb($database) };
+ my $dbh = eval { PMG::DBTools::open_ruledb_as($database, 'pmg-smtp-filter') };
if ($err = $@) {
$self->log (0, "ERROR: $err");
return;
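Review bot: The role name 'pmg-smtp-filter' is repeated as a string literal at both call sites in this file (`load_config` and `run_dequeue`). A single file-level constant passed to `open_ruledb_as` avoids a typo in one of them going unnoticed until that code path runs.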
diff --git a/src/bin/pmgpolicy b/src/bin/pmgpolicy
index 51a03d1..5e5c69e 100755
--- a/src/bin/pmgpolicy
+++ b/src/bin/pmgpolicy
@@ -142,7 +142,7 @@ sub run_dequeue {
my $dbh;
eval {
- $dbh = PMG::DBTools::open_ruledb($database);
+ $dbh = PMG::DBTools::open_ruledb_as($database, 'pmgpolicy');
};
my $err = $@;
@@ -343,7 +343,7 @@ sub load_config {
my $dbh;
eval {
- $dbh = PMG::DBTools::open_ruledb($database);
+ $dbh = PMG::DBTools::open_ruledb_as($database, 'pmgpolicy');
$self->{ruledb} = PMG::RuleDB->new($dbh);
$self->{rulecache} = PMG::RuleCache->new($self->{ruledb});
};
@@ -523,7 +523,7 @@ sub greylist_value {
$self->log(0, 'Database connection broken - trying to reconnect');
my $dbh;
eval {
- $dbh = PMG::DBTools::open_ruledb($database);
+ $dbh = PMG::DBTools::open_ruledb_as($database, 'pmgpolicy');
};
my $err = $@;
if ($err) {
--
2.39.2
^ permalink raw reply [flat|nested] 12+ messages in thread
* [pmg-devel] [PATCH api v4 05/10] postinstall: add new group for shared functionality
2024-07-10 14:35 [pmg-devel] [PATCH api v4 01/10] pmgpolicy: move pid file into /run/pmgpolicy Maximiliano Sandoval
` (2 preceding siblings ...)
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 04/10] create new users for the rule db Maximiliano Sandoval
@ 2024-07-10 14:35 ` Maximiliano Sandoval
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 06/10] postinstall: make rrdcached be readable by the pmg group Maximiliano Sandoval
` (4 subsequent siblings)
8 siblings, 0 replies; 12+ messages in thread
From: Maximiliano Sandoval @ 2024-07-10 14:35 UTC (permalink / raw)
To: pmg-devel
A shared group named 'pmg' is introduced for processes that need to be
accessible from multiple processes like spamassassin, rrdcached or the
mail queue at /var/spool/pmg.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
debian/pmg-api.sysusers | 1 +
debian/postinst | 4 ++++
debian/rules | 2 +-
3 files changed, 6 insertions(+), 1 deletion(-)
create mode 100644 debian/pmg-api.sysusers
diff --git a/debian/pmg-api.sysusers b/debian/pmg-api.sysusers
new file mode 100644
index 0000000..a546c45
--- /dev/null
+++ b/debian/pmg-api.sysusers
@@ -0,0 +1 @@
+g pmg - -
diff --git a/debian/postinst b/debian/postinst
index 63ed604..ebae645 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -49,6 +49,10 @@ migrate_apt_auth_conf() {
}
migrate_pmg_smtp_filter() {
+ systemd-sysusers
+
+ chown :pmg /var/lib/pmg
+
pmgdb update >/dev/null 2>&1 &
}
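Review bot: `systemd-sysusers` and `chown :pmg /var/lib/pmg` sit inside `migrate_pmg_smtp_filter`, which 04/10 only calls on upgrade from versions below 8.1.3, so a fresh installation never gets the group ownership set by this code. Calling `systemd-sysusers` without arguments also processes every sysusers.d file on the system; passing only this package's file keeps the side effects contained.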
diff --git a/debian/rules b/debian/rules
index 3e15079..ea8f110 100755
--- a/debian/rules
+++ b/debian/rules
@@ -13,7 +13,7 @@ include debian/rules.env
export REPOID=${REPOID_GENERATED}
%:
- dh $@
+ dh $@ --with installsysusers
override_dh_installsystemd:
dh_installsystemd --no-start --no-stop-on-upgrade \
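Review bot: `dh $@ --with installsysusers` needs a debhelper that provides dh_installsysusers, but the diffstat shows no change to the build dependencies. Please check that debian/control requires a new enough debhelper, otherwise the build fails on older build hosts.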
--
2.39.2
^ permalink raw reply [flat|nested] 12+ messages in thread
* [pmg-devel] [PATCH api v4 06/10] postinstall: make rrdcached be readable by the pmg group
2024-07-10 14:35 [pmg-devel] [PATCH api v4 01/10] pmgpolicy: move pid file into /run/pmgpolicy Maximiliano Sandoval
` (3 preceding siblings ...)
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 05/10] postinstall: add new group for shared functionality Maximiliano Sandoval
@ 2024-07-10 14:35 ` Maximiliano Sandoval
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 07/10] spamasassin: store files in dir managed by pmg Maximiliano Sandoval
` (3 subsequent siblings)
8 siblings, 0 replies; 12+ messages in thread
From: Maximiliano Sandoval @ 2024-07-10 14:35 UTC (permalink / raw)
To: pmg-devel
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
debian/install | 1 +
debian/postinst | 5 +++++
debian/rrdcached-sockgroup.conf | 2 ++
3 files changed, 8 insertions(+)
create mode 100644 debian/rrdcached-sockgroup.conf
diff --git a/debian/install b/debian/install
index 35882f8..491dfdf 100644
--- a/debian/install
+++ b/debian/install
@@ -11,3 +11,4 @@ debian/pmgreport.service /lib/systemd/system/
debian/pmgspamreport.service /lib/systemd/system/
debian/pmgsync.service /lib/systemd/system/
debian/pmgtunnel.service /lib/systemd/system/
+debian/rrdcached-sockgroup.conf /lib/systemd/system/rrdcached.service.d/
diff --git a/debian/postinst b/debian/postinst
index ebae645..998f7a3 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -53,6 +53,11 @@ migrate_pmg_smtp_filter() {
chown :pmg /var/lib/pmg
+ if systemctl --quiet is-active rrdcached.service ; then
+ systemctl daemon-reload
+ deb-systemd-invoke reload-or-try-restart rrdcached.service >/dev/null || true
+ fi
+
pmgdb update >/dev/null 2>&1 &
}
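Review bot: `reload-or-try-restart` picks a reload when rrdcached.service supports one, and a reload does not change the environment of the running process, so the new `SOCKGROUP=pmg` from the drop-in would only apply after the next full restart. Use `try-restart` here, and run `systemctl daemon-reload` unconditionally so the drop-in is also loaded when the service is currently stopped.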
diff --git a/debian/rrdcached-sockgroup.conf b/debian/rrdcached-sockgroup.conf
new file mode 100644
index 0000000..bee76ac
--- /dev/null
+++ b/debian/rrdcached-sockgroup.conf
@@ -0,0 +1,2 @@
+[Service]
+Environment=SOCKGROUP=pmg
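Review bot: The drop-in relies on the rrdcached unit honouring a `SOCKGROUP` variable, and the patch has no commit message saying so or naming which PMG process needs the socket. A short description of what reads `SOCKGROUP` and who connects through the group would make this reviewable.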
--
2.39.2
^ permalink raw reply [flat|nested] 12+ messages in thread
* [pmg-devel] [PATCH api v4 07/10] spamasassin: store files in dir managed by pmg
2024-07-10 14:35 [pmg-devel] [PATCH api v4 01/10] pmgpolicy: move pid file into /run/pmgpolicy Maximiliano Sandoval
` (4 preceding siblings ...)
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 06/10] postinstall: make rrdcached be readable by the pmg group Maximiliano Sandoval
@ 2024-07-10 14:35 ` Maximiliano Sandoval
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 08/10] mailqueue: make mail queue writable by pmg group Maximiliano Sandoval
` (2 subsequent siblings)
8 siblings, 0 replies; 12+ messages in thread
From: Maximiliano Sandoval @ 2024-07-10 14:35 UTC (permalink / raw)
To: pmg-devel
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
src/PMG/Config.pm | 8 ++++----
src/PMG/Report.pm | 2 +-
src/bin/pmg-smtp-filter | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 95bc57b..a91bb10 100644
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -1594,13 +1594,13 @@ sub rewrite_config_spam {
# delete AW and bayes databases if those features are disabled
if (!$use_awl) {
- $changes = 1 if unlink '/root/.spamassassin/auto-whitelist';
+ $changes = 1 if unlink '/var/lib/pmg/spamassassin/auto-whitelist';
}
if (!$use_bayes) {
- $changes = 1 if unlink '/root/.spamassassin/bayes_journal';
- $changes = 1 if unlink '/root/.spamassassin/bayes_seen';
- $changes = 1 if unlink '/root/.spamassassin/bayes_toks';
+ $changes = 1 if unlink '/var/lib/pmg/spamassassin/bayes_journal';
+ $changes = 1 if unlink '/var/lib/pmg/spamassassin/bayes_seen';
+ $changes = 1 if unlink '/var/lib/pmg/spamassassin/bayes_toks';
}
# make sure we have the custom SA files (else cluster sync fails)
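Review bot: The `unlink` calls now target `/var/lib/pmg/spamassassin/`, but nothing in this patch or in the postinst changes of the series creates that directory or moves the existing files over from `/root/.spamassassin`. Without a migration step, trained Bayes and auto-whitelist data is lost on upgrade, and the old files stay behind in /root even after the feature is disabled.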
diff --git a/src/PMG/Report.pm b/src/PMG/Report.pm
index 100a197..3512ecf 100644
--- a/src/PMG/Report.pm
+++ b/src/PMG/Report.pm
@@ -123,7 +123,7 @@ sub check_dns_resolution {
debug => 0,
local_tests_only => 0,
home_dir_for_helpers => '/root',
- userstate_dir => '/root/.spamassassin',
+ userstate_dir => '/var/lib/pmg/spamassassin',
dont_copy_prefs => 1,
stop_at_threshold => 0,
});
diff --git a/src/bin/pmg-smtp-filter b/src/bin/pmg-smtp-filter
index 9f46941..f9499df 100755
--- a/src/bin/pmg-smtp-filter
+++ b/src/bin/pmg-smtp-filter
@@ -460,7 +460,7 @@ sub pre_loop_hook {
debug => 0,
local_tests_only => $opt_testmode || !$rbl_checks,
home_dir_for_helpers => '/root',
- userstate_dir => '/root/.spamassassin',
+ userstate_dir => '/var/lib/pmg/spamassassin',
dont_copy_prefs => 1,
stop_at_threshold => 0,
});
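Review bot: `userstate_dir` moves out of /root, but `home_dir_for_helpers => '/root'` stays in the same options hash, and after 10/10 this daemon runs as the unprivileged pmg-smtp-filter user. Point `home_dir_for_helpers` at a directory that user can access as well.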
--
2.39.2
^ permalink raw reply [flat|nested] 12+ messages in thread
* [pmg-devel] [PATCH api v4 08/10] mailqueue: make mail queue writable by pmg group
2024-07-10 14:35 [pmg-devel] [PATCH api v4 01/10] pmgpolicy: move pid file into /run/pmgpolicy Maximiliano Sandoval
` (5 preceding siblings ...)
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 07/10] spamasassin: store files in dir managed by pmg Maximiliano Sandoval
@ 2024-07-10 14:35 ` Maximiliano Sandoval
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 09/10] d/sysusers: add users for pmgpolicy and smtp-filter Maximiliano Sandoval
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 10/10] fix #4926: run pmg-smtp-filter and pmgpolicy without root rights Maximiliano Sandoval
8 siblings, 0 replies; 12+ messages in thread
From: Maximiliano Sandoval @ 2024-07-10 14:35 UTC (permalink / raw)
To: pmg-devel
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
debian/postinst | 9 +++++++++
src/PMG/MailQueue.pm | 7 ++++---
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/debian/postinst b/debian/postinst
index 998f7a3..905d850 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -53,6 +53,15 @@ migrate_pmg_smtp_filter() {
chown :pmg /var/lib/pmg
+ chown :pmg /var/spool/pmg/active
+ chown :pmg /var/spool/pmg/virus
+ chown :pmg /var/spool/pmg/spam
+ chown :pmg /var/spool/pmg/attachment
+ chmod g+w /var/spool/pmg/active
+ chmod g+w /var/spool/pmg/virus
+ chmod g+w /var/spool/pmg/spam
+ chmod g+w /var/spool/pmg/attachment
+
if systemctl --quiet is-active rrdcached.service ; then
systemctl daemon-reload
deb-systemd-invoke reload-or-try-restart rrdcached.service >/dev/null || true
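Review bot: The `chown :pmg` and `chmod g+w` calls are not recursive and only touch the four top-level queue directories, so subdirectories and files already in the spool keep their old owner and mode, and the `$spooldir/cluster/...` directories that `create_spooldirs` makes are not covered at all. Mail that was queued with the old 0600 mode then stays unreadable for the unprivileged daemons after the upgrade.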
diff --git a/src/PMG/MailQueue.pm b/src/PMG/MailQueue.pm
index 4e37cb9..adbf28c 100644
--- a/src/PMG/MailQueue.pm
+++ b/src/PMG/MailQueue.pm
@@ -33,12 +33,13 @@ sub create_spooldirs {
"$spooldir/attachment",
]) if $cleanup;
- mkpath([
+ mkpath(
"$spooldir/active",
"$spooldir/spam",
"$spooldir/virus",
"$spooldir/attachment",
- ]);
+ { group=>'pmg', chmod=>0775 },
+ );
if ($lcid) {
mkpath "$spooldir/cluster/$lcid/virus";
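Review bot: Only the four top-level directories get `group=>'pmg'`; the `mkpath "$spooldir/cluster/$lcid/virus"` call right below still uses the defaults, so cluster spool directories end up with a different group and mode. `chmod=>0775` also leaves the quarantine directories listable by every local user, where 0770 would be enough to share them with the pmg group.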
@@ -68,7 +69,7 @@ sub new_fileid {
my $uid;
my $subsubdir = '';
- if (!($fh = IO::File->new ($path, 'w+', 0600))) {
+ if (!($fh = IO::File->new ($path, 'w+', 0660))) {
die "unable to create file '$path': $! : ERROR";
}
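Review bot: Raising the mode to 0660 in `new_fileid` only helps if the file's group is pmg, but a new file gets the primary group of the creating process, which 10/10 sets to `Group=pmg-smtp-filter` or `Group=pmgpolicy`. Either set the setgid bit on the spool directories so files inherit pmg, or change the file's group after creating it.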
--
2.39.2
^ permalink raw reply [flat|nested] 12+ messages in thread
* [pmg-devel] [PATCH api v4 09/10] d/sysusers: add users for pmgpolicy and smtp-filter
2024-07-10 14:35 [pmg-devel] [PATCH api v4 01/10] pmgpolicy: move pid file into /run/pmgpolicy Maximiliano Sandoval
` (6 preceding siblings ...)
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 08/10] mailqueue: make mail queue writable by pmg group Maximiliano Sandoval
@ 2024-07-10 14:35 ` Maximiliano Sandoval
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 10/10] fix #4926: run pmg-smtp-filter and pmgpolicy without root rights Maximiliano Sandoval
8 siblings, 0 replies; 12+ messages in thread
From: Maximiliano Sandoval @ 2024-07-10 14:35 UTC (permalink / raw)
To: pmg-devel
The pmgpolicy user needs access to the system journals so we add it to
the systemd-journal group.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
debian/pmg-api.sysusers | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/debian/pmg-api.sysusers b/debian/pmg-api.sysusers
index a546c45..11fa19e 100644
--- a/debian/pmg-api.sysusers
+++ b/debian/pmg-api.sysusers
@@ -1 +1,6 @@
g pmg - -
+u pmg-smtp-filter - "SMTP filter user"
+u pmgpolicy - "Mail policy user"
+m pmg-smtp-filter pmg -
+m pmgpolicy pmg -
+m pmgpolicy systemd-journal -
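Review bot: `m pmgpolicy systemd-journal -` gives pmgpolicy read access to the whole system journal, which is a wide grant for a daemon that is being moved away from root. The commit message should say which journal entries pmgpolicy reads, so it can be judged whether a narrower source would do.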
--
2.39.2
^ permalink raw reply [flat|nested] 12+ messages in thread
* [pmg-devel] [PATCH api v4 10/10] fix #4926: run pmg-smtp-filter and pmgpolicy without root rights
2024-07-10 14:35 [pmg-devel] [PATCH api v4 01/10] pmgpolicy: move pid file into /run/pmgpolicy Maximiliano Sandoval
` (7 preceding siblings ...)
2024-07-10 14:35 ` [pmg-devel] [PATCH api v4 09/10] d/sysusers: add users for pmgpolicy and smtp-filter Maximiliano Sandoval
@ 2024-07-10 14:35 ` Maximiliano Sandoval
8 siblings, 0 replies; 12+ messages in thread
From: Maximiliano Sandoval @ 2024-07-10 14:35 UTC (permalink / raw)
To: pmg-devel
New users 'pmg-smtp-filter' and 'pmgpolicy' are created for their
respective processes and we set their systemd units to use them.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
debian/pmg-smtp-filter.service | 2 ++
debian/pmgpolicy.service | 2 ++
2 files changed, 4 insertions(+)
diff --git a/debian/pmg-smtp-filter.service b/debian/pmg-smtp-filter.service
index c887dc2..c4d5e38 100644
--- a/debian/pmg-smtp-filter.service
+++ b/debian/pmg-smtp-filter.service
@@ -16,6 +16,8 @@ Type=forking
Restart=on-abort
RestartSec=10
RuntimeDirectory=pmg-smtp-filter
+User=pmg-smtp-filter
+Group=pmg-smtp-filter
[Install]
WantedBy=multi-user.target
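Review bot: `User=` and `Group=` are the only sandboxing added to this unit; since the point of the series is to drop root, options such as `NoNewPrivileges=yes`, `ProtectSystem=` and `PrivateTmp=yes` could be added in the same step. The same applies to the pmgpolicy.service hunk below.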
diff --git a/debian/pmgpolicy.service b/debian/pmgpolicy.service
index 21a403f..cd8ee60 100644
--- a/debian/pmgpolicy.service
+++ b/debian/pmgpolicy.service
@@ -13,6 +13,8 @@ ExecReload=/bin/kill -HUP $MAINPID
PIDFile=/run/pmgpolicy/pmgpolicy.pid
Type=forking
RuntimeDirectory=pmgpolicy
+User=pmgpolicy
+Group=pmgpolicy
[Install]
WantedBy=multi-user.target
--
2.39.2
^ permalink raw reply [flat|nested] 12+ messages in thread