我最近开始将我的邮件服务器迁移到 systemd。
我有一个别名哈希图:
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
启动服务时:
systemctl restart postfix
无论我设置什么权限,newalias 和 postalias 都会抱怨我的 aliases.db 权限:
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-07-22 00:36:08 CEST; 22ms ago
Process: 299515 ExecStartPre=/usr/bin/newaliases (code=exited, status=1/FAILURE)
Process: 299518 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Main PID: 299596 (master)
CPU: 721ms
CGroup: /system.slice/postfix.service
├─299596 /usr/libexec/postfix/master -w
├─299597 pickup -l -t unix -u
└─299598 qmgr -l -t unix -u
jul 22 00:36:07 rulakir systemd[1]: Starting Postfix Mail Transport Agent...
jul 22 00:36:07 rulakir newaliases[299515]: postalias: fatal: open /etc/postfix/aliases.db: Read-only file system
jul 22 00:36:07 rulakir postfix/postalias[299515]: fatal: open /etc/postfix/aliases.db: Read-only file system
jul 22 00:36:08 rulakir postfix/postfix-script[299582]: warning: group or other writable: /etc/postfix/./aliases.db
jul 22 00:36:08 rulakir postfix/postfix-script[299594]: starting the Postfix mail system
jul 22 00:36:08 rulakir postfix/master[299596]: daemon started -- version 3.5.1, configuration /etc/postfix
jul 22 00:36:08 rulakir systemd[1]: Started Postfix Mail Transport Agent.
它抱怨它只读,但是如果我将组或所有者更改为后缀,它会抱怨它应该由 root 拥有和/或它具有写权限。我应该给aliases和什么权限aliases.db?
Gentoo mail-mta/postfix 软件包的systemd 服务单元默认包含强化选项,这些选项确实对服务进行沙箱处理。具体来说:
尽管有额外的沙盒,
/etc/mail/aliases.db文件应该是可写的,这要归功于ReadWritePaths. 从 systemd.exec 手册页:基于截至撰写本文时最新的稳定 mail-mta/postfix ebuild (3.5.1),
src_prepare包括sed -i -e "/^#define ALIAS_DB_MAP/s|:/etc/aliases|:/etc/mail/aliases|"将别名映射的默认位置设置在适当的位置。然而,从您的日志中,您的似乎指向/etc/postfix/aliases.db. 我建议保留默认值/etc/mail/aliases.db或适当地覆盖ReadWritePaths使用systemctl edit postfix.service。