I was doing some work with postfix logrotation as part of a recent project and ran across what seems to be unintended behavior.
When running postfix logrotate the maillog_file is created with 600 permissions which was tripping up a log tail system of ours. I'm working on the log tailer, but looking through the source it appears the maillog_file is intended to have 0644 permissions https://github.com/vdukhovni/postfix/blob/master/postfix/src/util/logwriter.c#L85 Looking into why, the logrotate command calls master -t to trigger creating the new maillog_file https://github.com/vdukhovni/postfix/blob/master/postfix/conf/postfix-script#L431 However the master binary sets a umask of 077 as one of its first actions https://github.com/vdukhovni/postfix/blob/master/postfix/src/master/master.c#L297 According to the docs for open https://man7.org/linux/man-pages/man2/open.2.html The effective mode is modified by the process's umask in the usual way: in the absence of a default ACL, the mode of the created file is (mode & ~umask). The umask setting results in the created maillog_file having a mode of 600 even though it appears it was intended to be 0644 considering it was explicitly set that way in logwriter. I've got ways around this situation, but this seemed like unintended behavior so figured I'd bring it up -David Roe
_______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
