.TH SPAWN 8
.ad
.fi
.SH NAME
spawn
\-
Postfix external command spawner
.SH SYNOPSIS
.na
.nf
\fBspawn\fR [generic Postfix daemon options] command_attributes...
.SH DESCRIPTION
.ad
.fi
The \fBspawn\fR daemon provides the Postfix equivalent of \fBinetd\fR.
It listens on a port as specified in the Postfix \fBmaster.cf\fR file
and spawns an external command whenever a connection is established.
The connection can be made over local IPC (such as UNIX-domain
sockets) or over non-local IPC (such as TCP sockets).
The command\'s standard input, output and error streams are connected
directly to the communication endpoint.

This daemon expects to be run from the \fBmaster\fR(8) process
manager.
.SH COMMAND ATTRIBUTE SYNTAX
.na
.nf
.ad
.fi
The external command attributes are given in the \fBmaster.cf\fR
file at the end of a service definition. The syntax is as follows:
.IP "\fBuser\fR=\fIusername\fR (required)"
.IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR"
The external command is executed with the rights of the
specified \fIusername\fR. The software refuses to execute
commands with root privileges, or with the privileges of the
mail system owner. If \fIgroupname\fR is specified, the
corresponding group ID is used instead of the group ID
of \fIusername\fR.
.IP "\fBargv\fR=\fIcommand\fR... (required)"
The command to be executed. This must be specified as the
last command attribute.
The command is executed directly, i.e. without interpretation of
shell meta characters by a shell command interpreter.
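.PP
The rules above can be checked during configuration review. The following lint is an added example, not part of Postfix or of the original manual page. It compares names only, whereas the daemon decides on the resolved user IDs. It assumes \fBmail_owner\fR is "postfix", and the paths and account names in the samples are constructed.
.nf

```python
# Added example: lint the command attributes that follow "spawn" in a
# master.cf service entry. Checks names only; the daemon itself decides on
# resolved user IDs, so this is an approximation for config review.
SHELL_META = set("|&;<>$`*?~")

def lint_spawn_attrs(tokens, mail_owner="postfix"):
    """Return a list of problems found in a spawn command attribute list."""
    problems, user, argv = [], None, None
    for i, tok in enumerate(tokens):
        name, sep, value = tok.partition("=")
        if sep and name == "argv":
            # argv= must come last: all remaining tokens are its arguments.
            argv = [value] + list(tokens[i + 1:])
            break
        if sep and name == "user":
            user = value
        else:
            problems.append("not a documented attribute: " + tok)
    if user is None:
        problems.append("user= is required")
    else:
        username = user.partition(":")[0]
        if username in ("root", mail_owner):
            problems.append("refused: command would run as " + username)
    if argv is None or not argv[0]:
        problems.append("argv= is required")
    else:
        for arg in argv[1:]:
            if arg.startswith("user="):
                problems.append("user= after argv= is passed to the command")
        for arg in argv:
            if SHELL_META & set(arg):
                problems.append("no shell is involved, passed literally: " + arg)
    return problems

# Constructed sample attribute lists (hypothetical paths and account names).
GOOD = "user=nobody:nogroup argv=/usr/local/bin/policyd -v".split()
AS_ROOT = "user=root argv=/usr/local/bin/policyd".split()
MISORDERED = "argv=/usr/local/bin/policyd user=nobody".split()
PIPELINE = "user=nobody argv=/bin/cat | /usr/bin/logger".split()

if __name__ == "__main__":
    for sample in (GOOD, AS_ROOT, MISORDERED, PIPELINE):
        print(" ".join(sample), "->", lint_spawn_attrs(sample) or "ok")
```

.fi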
.SH BUGS
.ad
.fi
In order to enforce standard Postfix process resource controls,
the \fBspawn\fR daemon runs only one external command at a time.
As such, it presents a noticeable overhead by wasting precious
process resources. The \fBspawn\fR daemon is expected to be
replaced by a more structural solution.
.SH DIAGNOSTICS
.ad
.fi
The \fBspawn\fR daemon reports abnormal child exits.
Problems are logged to \fBsyslogd\fR(8).
.SH SECURITY
.na
.nf
.fi
.ad
This program needs root privilege in order to execute external
commands as the specified user. It is therefore security sensitive.
However, the \fBspawn\fR daemon does not talk to the external command
and thus is not vulnerable to data-driven attacks.
.SH CONFIGURATION PARAMETERS
.na
.nf
.ad
.fi
The following \fBmain.cf\fR parameters are especially relevant to
this program. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
.SH Miscellaneous
.ad
.fi
.IP \fBexport_environment\fR
List of names of environment parameters that can be exported
to non-Postfix processes.
.IP \fBmail_owner\fR
The process privileges used while not running an external command.
.SH Resource control
.ad
.fi
.IP \fIservice\fB_command_time_limit\fR
The amount of time the command is allowed to run before it is
killed with force. The \fIservice\fR name is the name of the entry
in the \fBmaster.cf\fR file. The default time limit is given by the
global \fBcommand_time_limit\fR configuration parameter.
.SH SEE ALSO
.na
.nf
master(8) process manager
syslogd(8) system logging
.SH LICENSE
.na
.nf
.ad
.fi
The Secure Mailer license must be distributed with this software.
.SH AUTHOR(S)
.na
.nf
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA