On Sun, Jan 30, 2022 at 12:14:30PM -0500, Wietse Venema wrote:
> Perhaps the time has come to get away from giving non-Postfix
> programs access to a directory with Postfix internal sockets.
>
> We could redesign the master.cf 'private' field, so that for
> UNIX-domain sockets:
>
> master.cf directory mode
> y private 0700 (no change)
> n protected 0710 (was: public)
> x public local policy
>
> Postfix sockets are moved from the 'public' to the 'protected'
> directory, and the 'public' directory no longer contains any Postfix
> sockets.
>
> Then we can remove the 'public' directory from /etc/postfix/postfix-files,
> and leave the dirctory owner/group and permissions up to local
> policy. Each application can have its own subdirectory under 'public'
> with permissions that allow access to only that app and postfix.
>
> With inet sockets, 'y' and 'n' behave as before, and 'x' behaves
> like 'n'.
Seems mostly reasonable for Postfix 3.8. The "dovecot" auth socket is
typically in "public" IIRC. It would probably now be "protected", and I
am not sure that we want to force everyone to change configs to do that
so perhaps "public" is the long-term name for protected services, and
the unprotected ones get a new name?
--
Viktor.
