SPAWN(8) SPAWN(8)
NAME
spawn - Postfix external command spawner
SYNOPSIS
spawn [generic Postfix daemon options] command_attributes...
DESCRIPTION
The spawn daemon provides the Postfix equivalent of inetd.
It listens on a port as specified in the Postfix master.cf
file and spawns an external command whenever a connection
is established. The connection can be made over local IPC
(such as UNIX-domain sockets) or over non-local IPC (such
as TCP sockets). The command's standard input, output and
error streams are connected directly to the communication
endpoint.
This daemon expects to be run from the master(8) process
manager.
COMMAND ATTRIBUTE SYNTAX
The external command attributes are given in the master.cf
file at the end of a service definition. The syntax is as
follows:
user=username (required)
user=username:groupname
The external command is executed with the rights of
the specified username. The software refuses to
execute commands with root privileges, or with the
privileges of the mail system owner. If groupname
is specified, the corresponding group ID is used
instead of the group ID of of username.
argv=command... (required)
The command to be executed. This must be specified
as the last command attribute. The command is exe-
cuted directly, i.e. without interpretation of
shell meta characters by a shell command inter-
preter.
BUGS
In order to enforce standard Postfix process resource con-
trols, the spawn daemon runs only one external command at
a time. As such, it presents a noticeable overhead by
wasting precious process resources. The spawn daemon is
expected to be replaced by a more structural solution.
DIAGNOSTICS
The spawn daemon reports abnormal child exits. Problems
are logged to syslogd(8).
SECURITY
This program needs root privilege in order to execute
1
SPAWN(8) SPAWN(8)
external commands as the specified user. It is therefore
security sensitive. However the spawn daemon does not
talk to the external command and thus is not vulnerable to
data-driven attacks.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.
Miscellaneous
export_environment
List of names of environment parameters that can be
exported to non-Postfix processes.
mail_owner
The process privileges used while not running an
external command.
Resource control
service_command_time_limit
The amount of time the command is allowed to run
before it is killed with force. The service name is
the name of the entry in the master.cf file. The
default time limit is given by the global com-
mand_time_limit configuration parameter.
SEE ALSO
master(8) process manager
syslogd(8) system logging
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
2