Anyone have objections to forcing all chroot capable postfix daemons to
run chrooted by default? I believe there is already precedent to do
this based on other package instructions. This should probably wait
till after 6.3 because we are close to release. The commands to set up
the environment would be:
{{{
mkdir -p /var/spool/postfix/{etc,lib,usr/lib/zoneinfo} &&
cp -af /etc/{hosts,localtime,nsswitch.conf,passwd,resolv.conf,services} \
/var/spool/postfix/etc &&
cp -af /lib/lib{nss*,resolv*} \
/var/spool/postfix/lib &&
cp -af /etc/localtime /var/spool/postfix/usr/lib/zoneinfo
}}}
And to enable chroot for each service - and fix the two that shouldn't
be modified. These commands are ugly, so I'm open to better
suggestions (maybe a forindo or such):
{{{
sed -e "s@ - n@ - -@" \
-e "[EMAIL PROTECTED] unix - - [EMAIL PROTECTED] unix - - n@" \
-e "[EMAIL PROTECTED] unix - - [EMAIL PROTECTED] unix - - n@" \
-i /etc/postfix/master.cf
}}}
Although I'm very confident in the instructions (especially since I just
tested them on a new box that will replace my existing server), I still
think it's too close to release for 6.3. Assuming no objections, I'll
put these commands (or similar) into the wiki for possible inclusion
after the release.
-- DJ Lucas
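
An added example (not part of the original post, and not BLFS's own instructions) of editing the chroot column by field position with awk instead of by pattern. It writes an explicit "y" rather than "-", because "-" only means chroot while the compiled-in default is y, which is the case for Postfix before 3.0. Assumptions: the function name set_chroot, the exclusion list passed as its second argument (the two services the post excludes are not readable in the sed above), and the constructed sample master.cf.

```shell
#!/bin/sh
# Added example, not from the original post.
# Prints master.cf with the chroot column (field 5) of every service line
# set to "y", except services named in $2, which are set to "n".
#   $1  path to master.cf
#   $2  space-separated service names that must not chroot (caller's choice)
set_chroot() {
    awk -v keep="$2" '
    BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) nochroot[k[i]] = 1 }
    # Comments, blank lines and continuation lines pass through unchanged.
    /^#/ || /^[ \t]/ || NF < 8 { print; next }
    {
        want = ($1 in nochroot) ? "n" : "y"
        # Skip four fields plus their trailing whitespace to find field 5,
        # so column alignment and command arguments are left untouched.
        rest = $0; pos = 0
        for (f = 1; f < 5; f++) {
            match(rest, /^[^ \t]+[ \t]+/)
            pos += RLENGTH
            rest = substr(rest, RLENGTH + 1)
        }
        match(rest, /^[^ \t]+/)
        print substr($0, 1, pos) want substr(rest, RLENGTH + 1)
    }' "$1"
}

# Constructed sample input; the exclusion list here is illustrative only.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
cleanup   unix  n       -       -       0       0       cleanup
local     unix  -       n       n       -       -       local
maildrop  unix  -       n       -       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
EOF
    set_chroot "$f" "local maildrop"
    rm -f "$f"
}
demo
```

Redirect the output to a new file and diff it against /etc/postfix/master.cf before replacing the original.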