Postfix plugin permissions

[dynek]

Hello,

I'm running 1.5.0 and wanted to benefit from the Postfix plugin.
How did you guys (@phemmer ?) did it with telegraf running with telegraf user which doesn't have access to files owned by postfix in /var/spool/postfix?

Example:
Error in plugin [inputs.postfix]: error scanning queue active: open /var/spool/postfix/active: permission denied

Thanks

[danielnelson]

What is the owner/group for this directory? Perhaps you can add the telegraf user to this group.

[dynek]

Well thing is Postfix is pretty picky about its friends and most directories/files are owned by himself, group(s) have no permissions.
See:

4 drwx------  2 postfix root     4096 Dec 16 00:20 active
4 drwx------  2 postfix root     4096 Nov 28 10:20 bounce

Was wondering how @phemmer did it on his machine? May try to change permissions, hopefully Postfix won't notice and complain, because that's a production machine :-)

[danielnelson]

Hmm, might need to chgrp and add group permissions. Once we determine the best way we should add some documentation.

[phemmer]

3 options I can see

1. Run telegraf as root. This is what we do as we have telegraf monitoring a bunch of stuff you need root perms for.
2. Set a filesystem ACL.
3. Do a one time chmod+chgrp. I doubt postfix will modify the permissions after those directories have been created.