(New page: === EMail Integration with Postfix as your MTA === There seem to be two approaches to enabling email input to Bugzilla: # A 'bugzilla' user with .forward and .procmail files in its home ...) |
(Add solution by using the web server user to run email_in.pl) |
Line 1: | Line 1: | ||
=== EMail Integration with Postfix as your MTA === | === EMail Integration with Postfix as your MTA === | ||
Postfix can run email_in.pl from two places (as seen from <tt>postconf allow_mail_to_commands</tt>): | |||
# A 'bugzilla' user with .forward | # /etc/aliases line "bugzilla |/.../email_in.pl" — In this case email_in.pl runs under <tt>$default_privs</tt> (by default nobody) and has no access to Bugzilla. | ||
# A 'bugzilla' user with .forward in its home directory to invoke email_in.pl — In this case the process runs with the privileges of the recipient. | |||
When setting up Bugzilla the documentation says to run checksetup.pl | When setting up Bugzilla the documentation says to run checksetup.pl | ||
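Review bot: the /etc/aliases entry in the first new list item is written as "bugzilla |/.../email_in.pl", without the colon after the alias name that the aliases example further down this page uses ("bugzilla: apache+bugzilla"), so it is not a line a reader can copy into /etc/aliases. Suggest showing it as bugzilla: "|/.../email_in.pl". The second item now mentions only .forward, while the later sections still say ".forward/.procmail"; state once whether procmail is still part of that delivery path.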
Line 19: | Line 18: | ||
[http://article.gmane.org/gmane.mail.postfix.user/88627/match=supplementary+group]) and cannot load <tt>data/params</tt>. | [http://article.gmane.org/gmane.mail.postfix.user/88627/match=supplementary+group]) and cannot load <tt>data/params</tt>. | ||
= Solution by bugzilla file ownership = | |||
You can give the bugzilla user ownership to Bugzilla files for the .forward/.procmail scenario | |||
as follows (bugzilla installed at /opt/bugzilla): | |||
# chown -R bugzilla.bugzilla /opt/bugzilla | # chown -R bugzilla.bugzilla /opt/bugzilla | ||
# usermod -G apache bugzilla | # usermod -G apache bugzilla | ||
# as user 'bugzilla' run checksetup.pl | # as user 'bugzilla' run checksetup.pl — the bugzilla files get <code>chown</code>'ed to bugzilla.apache and locked down | ||
Step 2 is needed to allow step 3 to succeed. You can revoke | Step 2 is needed to allow step 3 to succeed. You can revoke | ||
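Review bot: step 2, "usermod -G apache bugzilla", sets the account's supplementary group list to exactly apache, so any other supplementary groups the bugzilla user already had are dropped; "usermod -a -G apache bugzilla" adds the group and leaves the rest alone. In step 1 the owner and group are separated with a dot ("bugzilla.bugzilla"); the colon form "bugzilla:bugzilla" is the portable spelling. The new "= Solution by bugzilla file ownership =" heading is top-level while the page title is "=== ... ===", so the section outranks its own title; a deeper heading level would keep the outline consistent.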
Line 31: | Line 32: | ||
This setup allows the MTA to run .forward/.procmail as the 'bugzilla' | This setup allows the MTA to run .forward/.procmail as the 'bugzilla' | ||
user while apache also has the necessary access. | user while apache also has the necessary access. | ||
= Solution by user primary group = | |||
Another way is to use a user that has the <tt>$webservergroup</tt> as his primary group: <tt>usermod -g apache bugzilla</tt>. | |||
If you do not want to modify the bugzilla user for this, or have a bugzilla user at all, the web server user (typically wwwrun or apache) might already have the proper primary group. | |||
Since you do not want to forward all mail for apache to email_in.pl, you might set the recipient_delimiter to + (<tt>postconf recipient_delimiter=+</tt>) and instead alias bugzilla to extension apache+bugzilla. For this to work, you can not have an alias for apache and need to take it out. You'll have in /etc/aliases: | |||
#apache: root | |||
... | |||
bugzilla: apache+bugzilla | |||
Then in the home directory of apache user (see <tt>getent passwd apache</tt>, maybe /var/lib/apache, bash gives it automatically with <tt>~apache</tt>), pipe to email_in.pl in file .forward+bugzilla (as specified by postconf default <tt>$forward_path</tt>, and do not forget any original apache forward): | |||
echo 'root' > ~apache/.forward | |||
echo '|/.../email_in.pl' > ~apache/.forward+bugzilla |
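Review bot: the command "echo 'root' > ~apache/.forward" contradicts the sentence above it: the redirect truncates whatever forward the apache user already had, although the text says not to forget any original apache forward. Suggest telling the reader to check for an existing ~apache/.forward first and to create the file only when there is none. This section should also say plainly that email_in.pl then runs with the web server user's privileges for every message sent to the bugzilla address, and that "postconf recipient_delimiter=+" is a global setting that changes address parsing for all local recipients, not only for bugzilla.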