Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/gnu/dist/postfix/html/spawn.8.html

135 lines
4.3 KiB
HTML
Raw Blame History

<html> <head> </head> <body> <pre>
SPAWN(8) SPAWN(8)
<b>NAME</b>
spawn - Postfix external command spawner
<b>SYNOPSIS</b>
<b>spawn</b> [generic Postfix daemon options] command_attributes...
<b>DESCRIPTION</b>
The <b>spawn</b> daemon provides the Postfix equivalent of <b>inetd</b>.
It listens on a port as specified in the Postfix <b>master.cf</b>
file and spawns an external command whenever a connection
is established. The connection can be made over local IPC
(such as UNIX-domain sockets) or over non-local IPC (such
as TCP sockets). The command's standard input, output and
error streams are connected directly to the communication
endpoint.
This daemon expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process
manager.
<b>COMMAND</b> <b>ATTRIBUTE</b> <b>SYNTAX</b>
The external command attributes are given in the <b>master.cf</b>
file at the end of a service definition. The syntax is as
follows:
<b>user</b>=<i>username</i> (required)
<b>user</b>=<i>username</i>:<i>groupname</i>
The external command is executed with the rights of
the specified <i>username</i>. The software refuses to
execute commands with root privileges, or with the
privileges of the mail system owner. If <i>groupname</i>
is specified, the corresponding group ID is used
instead of the group ID of of <i>username</i>.
<b>argv</b>=<i>command</i>... (required)
The command to be executed. This must be specified
as the last command attribute. The command is exe-
cuted directly, i.e. without interpretation of
shell meta characters by a shell command inter-
preter.
<b>BUGS</b>
In order to enforce standard Postfix process resource con-
trols, the <b>spawn</b> daemon runs only one external command at
a time. As such, it presents a noticeable overhead by
wasting precious process resources. The <b>spawn</b> daemon is
expected to be replaced by a more structural solution.
<b>DIAGNOSTICS</b>
The <b>spawn</b> daemon reports abnormal child exits. Problems
are logged to <b>syslogd</b>(8).
<b>SECURITY</b>
This program needs root privilege in order to execute
1
SPAWN(8) SPAWN(8)
external commands as the specified user. It is therefore
security sensitive. However the <b>spawn</b> daemon does not
talk to the external command and thus is not vulnerable to
data-driven attacks.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>Miscellaneous</b>
<b>export</b><i>_</i><b>environment</b>
List of names of environment parameters that can be
exported to non-Postfix processes.
<b>mail</b><i>_</i><b>owner</b>
The process privileges used while not running an
external command.
<b>Resource</b> <b>control</b>
<i>service_</i><b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b>
The amount of time the command is allowed to run
before it is killed with force. The <i>service</i> name is
the name of the entry in the <b>master.cf</b> file. The
default time limit is given by the global <b>com-</b>
<b>mand</b><i>_</i><b>time</b><i>_</i><b>limit</b> configuration parameter.
<b>SEE</b> <b>ALSO</b>
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
2
</pre> </body> </html>
Reference in New Issue View Git Blame Copy Permalink