On Mon 07 Jul 2003 07:43, Guillaume Cottenceau posted as excerpted below: > Following bug #3967, I'd like to add a > /usr/share/doc/postfix-2.0.12/MANDRAKE.SPECIFIC.CHROOT_README > file. I'd write something like the following. Please share with > me your wise comments on it. > > -----8<----------8<----------8<----------8<----------8<----- > In Postfix's default configuration of MandrakeSoft's RPM package, > we're running chroot'ed.
I think that wording needs a bit of work. The problem is the word ordering, probably due to your attempt to translate your thoughts, but which as written means something a bit different than I think you meant. As written, it appears that Postfix is configuring Mandrake's RPM package, rather than the other way around. I believe you meant to say.. "In MandrakeSoft's RPM package of Postfix, the default configuration is to run chroot'ed." .. That still sounds a bit awkward.. How about.. "MandrakeSoft's package of Postfix by default runs chroot'ed." (Or change "by default" to "in its default configuration") It may be a good idea to mention WHY Mdk chooses to do that, as well.. "MandrakeSoft's package of Postfix for security reasons runs chroot'ed by default." I'd also suggest inserting a URL pointing to a good discussion of the security implications of a chroot, and why it's a good idea in general, quite apart from postfix specifically. Sometimes we just take for granted that people know such info, if they have reason to install such a package. That may or may not be the case, but a sentence or two pointing to a good discussion of the principles involved never hurts and COULD make someone a better admin than they'd be otherwise, especially if they sort of "inherited" the job, with no real training, or are learning as they go and this is their first deployment. Something like (as a footnote for instance) .. For more information on chroots and how they benefit security, see http://whatever.example.com/chroot.htm. B4 U ask, no, I don't have such a URL handy.. <g> I'm assuming someone either has a good one handy, or a googlize might be helpful. -- Duncan "They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." Benjamin Franklin
