On Thu, Oct 10, 2002 at 03:38:01PM -0700, Todd Lyons wrote:
> Tommy Wareing wrote on Thu, Oct 10, 2002 at 11:26:56PM +0100 :
> > > everything Postfix needs has to be duplicated in /var/spool/postfix/etc. More
> > > secure but more setup needed.
> > Anybody know how to make this work with linuxconf profiles? I move my
> > laptop between my home and office, and need different DNS
> > configurations at both. Linuxconf handles this adequately. Or it used
> > to, until this change to postfix, which now drops dead until I update
> > the /var/spool files by hand, and restart the service.
> 
> Untested, so you're my guinea pi^W^W tester:
> 
> cp /etc/hosts /var/spool/postfix/etc
> rm /etc/hosts
> cd /etc
> ln -s ../var/spool/postfix/etc/hosts hosts
> 
> Don't know if linuxconf will complain about that being a link, but if it
> doesn't, it should work.  The question is, does linuxconf copy files
> around or does it modify the file in place?  If it copies them, it
> probably won't work the way you want.  But if it modifies the files in
> place, it probably will work the way you want.

Actually it's resolv.conf I need to target, not hosts. But that's a
side issue. Yes this does work. Cute.

I'd considered the link the other way around (from postfix to
'normal'), but that would break from within the chroot anyway, so I'd
just cursed.

There's the question of security: this now allows a breached
postfix to rewrite resolv.conf for the rest of my machine, although
only that single file. So it's safer than not chroot-ing, but not as
good as fixing all the applications which write to resolv.conf
(linuxconf and dhcp being the two I can think of, but there may be
sufficient others to mean this isn't viable).

Of course, if we ever have two different chroot'd applications, this
won't be viable, so in the long term, it's still a potential problem.

But at least I can continue to outfunction all our office Solaris
boxes ;-)

-- 
Tommy
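
Added example, not part of the original message or of any Postfix or linuxconf tooling: a shell audit for the trade-off described above, plus the copy-in alternative to the symlink. The function names are hypothetical, the paths in the usage comment are the ones from the thread, and GNU `readlink -f` is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU `readlink -f`.

# Print every entry directly under ETC_DIR that is a symlink resolving to a
# path inside JAIL_DIR, i.e. host configuration that a process confined to
# the jail could rewrite for the whole machine.
find_jail_links() {
    etc_dir=$1
    jail_real=$(cd "$2" 2>/dev/null && pwd -P) || return 2
    for entry in "$etc_dir"/*; do
        [ -L "$entry" ] || continue
        resolved=$(readlink -f "$entry") || continue
        case $resolved in
            "$jail_real"/*) printf '%s\n' "$entry" ;;
        esac
    done
    return 0
}

# Safe direction: copy SRC (a regular host file) to JAIL_DIR/etc/, so the
# jail only ever holds a copy and nothing outside it points inward.
# Returns 0 when the jail copy is current, 1 when a symlink is involved
# (SRC itself, the destination, or the temporary file).
sync_into_jail() {
    src=$1
    jail_dir=$2
    dest=$jail_dir/etc/$(basename "$src")
    if [ -L "$src" ] || [ -L "$dest" ] || [ -L "$dest.new" ]; then
        echo "refusing: symlink involved for $src" >&2
        return 1
    fi
    if cmp -s "$src" "$dest" 2>/dev/null; then
        return 0    # already identical, nothing to do
    fi
    # Write beside the target, then rename, so readers never see a partial file.
    cp "$src" "$dest.new" && mv "$dest.new" "$dest"
}

# Usage with the thread's paths:
#   find_jail_links /etc /var/spool/postfix
#   sync_into_jail /etc/resolv.conf /var/spool/postfix
```

Running `sync_into_jail` from whatever hook fires after the network profile changes keeps the jail copy current without the inward-pointing link; Postfix still has to be restarted or reloaded to pick it up, as in the message above.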
