On Thursday 23 June 2005 12:14, Holly Bostick wrote:
> Jan Callewaert wrote:
> > I'm afraid that I replied too fast. I searched google just a little more.
> > qmgr runs inside a chroot in /var/spool/postfix. So I copied my
> > /etc/localtime into the chroot (I had to create the /etc directory). I
> > restarted postfix and the log time was correct. However, is this the way
> > to do it? Since it's a chroot, I can't make a symlink, so whenever I
> > change my timezone, I have to change it in two different places. I'm sure
> > I'm going to forget this. Is there no other way?
>
> Hi Jan,
>
> It's quite possible that I'm talking out of my butt, since I don't use
> postfix, but this really confused me:
>
> > Since it's a chroot, I can't make a symlink
>
> This just doesn't seem right, if postfix/qmgr requires some kind of time
> marker. I get it that /etc is outside the chroot, but that seems to
> suggest that either the chroot parameters are too narrow (and /etc
> should be inside it, in which case you could create the symlink or
> wouldn't need to), and/or that the logger is misconfigured, in that it
> ought to be able to connect to /etc/localtime, but apparently is not.

postfix/qmgr runs in the chroot /var/spool/postfix, so you can't access
anything outside the chroot. So a symlink doesn't work.

> Since I don't know anything about this, I went Googling, and found
> http://www.linuxsecurity.com/docs/HOWTO/Postfix-EnGarde-HOWTO.html ,
> which says:
>
> General Information
> Postfix configuration is done with the files in /etc/postfix,
> /usr/lib/libexec/postfix contains the postfix daemons, and
> /var/spool/postfix contains the mail queues and various mail staging
> directories and the default chroot directory "etc" (if chrooting is
> configured).

It's stated here that the chroot environment for postfix is
/var/spool/postfix and that a directory etc has to be there.

> /etc/postfix will be the most important directory as it controls
> postfix's behaviour. This directory holds the two configuration files
> and the aliases, virtual, transport, access, and other databases in maps.
>
> Interestingly, this suggests that not only is /etc/ supposed to be in
> the chroot, but that /etc is supposed to be the root of the chroot.

I don't think you're correct. I think that it suggests that 'a' directory
etc is supposed to be there, not 'the' directory /etc. Further in the link
you provided, there's some information about it:

Chroot Environment

This environment is intended to limit system access to any malicious user
who gains entry via an exploit of the mail system and contains only the
very limited set of files necessary for the chrooted Postfix daemons to
run. The files that EnGarde includes in the chrooted environment are found
in /var/spool/postfix/etc:

    [EMAIL PROTECTED] postfix]# ls -l /var/spool/postfix/etc
    total 24
    -rw-r----- 1 root root 604 Mar 5 13:43 hosts
    -rw-r--r-- 1 postfix postfix 1250 Feb 7 08:30 localtime
    -rw-r--r-- 1 postfix postfix 153 Mar 6 11:45 resolv.conf
    -rw-r--r-- 1 postfix postfix 11332 Feb 7 08:30 services
    [EMAIL PROTECTED] postfix]#
    [EMAIL PROTECTED] postfix]# ls -l /var/spool/postfix/lib/
    total 72
    -rwxr-xr-x 1 postfix postfix 67600 Feb 7 08:30 libnss_dns.so.2
    [EMAIL PROTECTED] postfix]#

The /var/spool/postfix/etc files are copies of the ones found in /etc as
is the /var/spool/postfix/lib/libnss_dns.so.2 a copy of the libnss_dns
library found in /lib.

I find it strange that this is not done automatically by Gentoo, nor that
it is stated somewhere in the docs or on the wiki. And I suppose I would
have to copy the other files too into /var/spool/postfix/etc.

> So if I was you, I'd be interested in knowing why it is not, in your
> case. Maybe it's a Gentoo thing, but in that case, surely there's a
> Gentoo document detailing how to set up Postfix in the Gentoo System
> Administration docs, or a config file somewhere in
> /etc/(conf.d)(/postfix) that might explain why the chroot is in such a
> weird place (it sounds weird to me, and I don't even use Postfix).

I have found this place in various documentations, so I'm sure this is not
a Gentoo thing.

> Anyway, hope this is in some way useful, and not a load of babbling
> idiocy. If it is (babbling idiocy), sorry to waste your time.
>
> Holly

Not at all, I was wondering the same thing. I find it strange that the
links are not automatically copied.

--
If it ain't broken, you just haven't looked hard enough. Fix it anyway.
-- Tom Peters
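
The two-places problem raised in the message above can be handled with a drift check; this is an added example, not part of the original message and not Postfix's or Gentoo's own tooling. It compares each chroot copy with the host file and refreshes stale ones. The function names and the demo tree are assumptions of this example, and the file list is the one in the EnGarde listing quoted above.

```shell
#!/bin/sh
# Added example: detect and repair stale copies of host files in a Postfix chroot.
CHROOT_FILES="etc/hosts etc/localtime etc/resolv.conf etc/services"

# check_chroot_drift HOST_ROOT CHROOT
# Prints "STATUS path" per file; returns 1 if a copy is missing, stale or a symlink.
check_chroot_drift() {
    host_root=$1; chroot=$2; rc=0
    for f in $CHROOT_FILES; do
        src="$host_root/$f"; dst="$chroot/$f"
        if [ ! -e "$src" ]; then
            echo "NOSRC $f"                 # nothing on the host to compare against
        elif [ -L "$dst" ]; then
            echo "SYMLINK $f"; rc=1         # cannot reach the host file from inside the chroot
        elif [ ! -f "$dst" ]; then
            echo "MISSING $f"; rc=1
        elif ! cmp -s "$src" "$dst"; then
            echo "STALE $f"; rc=1           # e.g. timezone changed on the host only
        else
            echo "OK $f"
        fi
    done
    return "$rc"
}

# sync_chroot_files HOST_ROOT CHROOT: refresh every copy that is not identical.
sync_chroot_files() {
    host_root=$1; chroot=$2
    for f in $CHROOT_FILES; do
        src="$host_root/$f"; dst="$chroot/$f"
        [ -e "$src" ] || continue
        if [ ! -L "$dst" ] && cmp -s "$src" "$dst" 2>/dev/null; then continue; fi
        mkdir -p "$(dirname "$dst")"
        rm -f "$dst"
        cp -L "$src" "$dst"                 # -L: copy the target if the host file is a symlink
    done
}

# make_demo_tree: constructed sample layout (not real system files); prints its path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/host/etc" "$d/host/zoneinfo" "$d/chroot/etc"
    for n in hosts resolv.conf services; do echo "sample $n" > "$d/host/etc/$n"; done
    echo "TZ-new" > "$d/host/zoneinfo/Brussels"
    ln -s ../zoneinfo/Brussels "$d/host/etc/localtime"   # host localtime is a symlink
    cp "$d/host/etc/hosts" "$d/chroot/etc/hosts"
    echo "TZ-old" > "$d/chroot/etc/localtime"            # stale copy in the chroot
    echo "$d"
}
```

On a real system the arguments would be `/` and `/var/spool/postfix`, run as root before restarting Postfix; the check alone is suitable for a cron job that only reports.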

