On Mon, Feb 07, 2011 at 10:33:13PM -0800, Quanah Gibson-Mount wrote:
>> Sorry, the mode is is not preserved either, it is always set to 0644, and
>> always has been set to 0644 (as far back as Postfix 1.0).
>
> Yeah, you're right. Something else has been changing the ownership
> back,and is no longer doing so (looking at an older release using an older
> postfix version). Sorry for the noise.
Does Zimbra really deploy a non root-owned main.cf (or master.cf) file?
If so, how are the security implications addressed? It is hard to imagine
how the owner of main.cf (if not root) is not then automatically able
to gain root privileges.
If so, it is a root account by another name, but likely less strongly
protected. Therefore, if I am not misreading your goals, I'm fairly
confident that they are not consistent with a proper security analysis
of the resulting system.
--
Viktor.
