Re: owner/mode of dynamicmaps.cf (a bit OT)
08.05.2011 22:33, Ralf Hildebrandt wrote:

> /etc/postfix/dynamicmaps.cf as provided by Ubuntu/Debian is:
> -rw-r--r-- 1 root root 318 2011-04-22 15:04 /etc/postfix/dynamicmaps.cf
> by default. Which programs are using it and when? Before dropping privileges? After? Does /usr/sbin/sendmail use it?

Every postfix program that deals with maps/dictionaries uses this file. Since all dicts are open as root, it's used before dropping privileges.

> Yeah, I know. It's a patch. Just asking if 644 is the ultima ratio or if (under special circumstances) something like mode 640, user root, group postfix might work as well.

And immediately after that, postfix-start will complain about wrong permissions of a file in /etc/postfix/.

No, dynamicmaps.cf is very like main.cf or master.cf files. What special circumstances you're talking about?

Thanks,

/mjt
Re: owner/mode of dynamicmaps.cf (a bit OT)
On Sun, May 08, 2011 at 10:10:04PM +0200, Ralf Hildebrandt wrote:

> > This file contains no secrets, unless you have put some secret in the comments.
>
> I was also wondering why somebody would want to somehow hide the contents.

Unlikely, since postdrop/postqueue don't run as root, and potentially use tables, I would expect these to break if the list of dynamically loadable tables is not world-readable.

--
Viktor.
owner/mode of dynamicmaps.cf (a bit OT)
/etc/postfix/dynamicmaps.cf as provided by Ubuntu/Debian is:
-rw-r--r-- 1 root root 318 2011-04-22 15:04 /etc/postfix/dynamicmaps.cf
by default. Which programs are using it and when? Before dropping privileges? After? Does /usr/sbin/sendmail use it?

Yeah, I know. It's a patch. Just asking if 644 is the ultima ratio or if (under special circumstances) something like mode 640, user root, group postfix might work as well.

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: owner/mode of dynamicmaps.cf (a bit OT)
Ralf Hildebrandt:

> /etc/postfix/dynamicmaps.cf as provided by Ubuntu/Debian is:
> -rw-r--r-- 1 root root 318 2011-04-22 15:04 /etc/postfix/dynamicmaps.cf
> by default. Which programs are using it and when? Before dropping privileges? After? Does /usr/sbin/sendmail use it?
>
> Yeah, I know. It's a patch.

/etc/postfix and everything under it must be owned by root and not writable by anyone else.

dynamicmaps.cf is from Lamont Jones's Debian feature that allows support for LDAP, *SQL etc. to be added without recompiling Postfix. However, not all the world is Debian.

As for run-time privileges, Postfix daemons open tables before dropping privileges. Postfix commands such as postmap open tables with the privileges of the user itself (if invoked by root, postmap may decide that root privileges are too powerful, for example, when a table is owned by a non-root user).

> Just asking if 644 is the ultima ratio or if (under special circumstances) something like mode 640, user root, group postfix might work as well.

This file contains no secrets, unless you have put some secret in the comments.

Wietse
Re: owner/mode of dynamicmaps.cf (a bit OT)
* Wietse Venema wie...@porcupine.org:

> This file contains no secrets, unless you have put some secret in the comments.

I was also wondering why somebody would want to somehow hide the contents.

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
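
An added example, not part of any message in this thread and not Postfix's own code: a POSIX shell check for the two conditions the replies state, that everything under /etc/postfix is owned by root and not writable by anyone else, and that dynamicmaps.cf keeps its world-readable bit. The function name `audit_postfix_conf`, its arguments and the output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Postfix's own code. audit_postfix_conf and its output
# labels are hypothetical names chosen for this illustration.
#
# Usage: audit_postfix_conf [DIR] [OWNER]   (defaults: /etc/postfix, root)
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on error.
audit_postfix_conf() {
    apc_dir=${1:-/etc/postfix}
    apc_owner=${2:-root}
    if [ ! -d "$apc_dir" ]; then
        echo "ERROR $apc_dir is not a directory" >&2
        return 2
    fi
    apc_findings=$(
        # Rule from the thread: everything under the directory is owned
        # by root ...
        find "$apc_dir" ! -user "$apc_owner" -print | sed 's/^/OWNER /'
        # ... and not writable by group or other. Symlinks are skipped
        # because their own mode bits are not meaningful.
        find "$apc_dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE /'
        # Per the thread, commands such as postdrop/postqueue do not run as
        # root, so a dynamicmaps.cf without the "other" read bit (for
        # example mode 640) is reported.
        apc_dm="$apc_dir/dynamicmaps.cf"
        if [ -f "$apc_dm" ] && [ -z "$(find "$apc_dm" -perm -004 -print)" ]; then
            echo "UNREADABLE $apc_dm"
        fi
    )
    if [ -n "$apc_findings" ]; then
        printf '%s\n' "$apc_findings"
        return 1
    fi
    return 0
}

# When run as a script with arguments, audit the given directory.
if [ "$#" -gt 0 ]; then
    audit_postfix_conf "$@"
fi
```

The optional second argument exists so the check can be tried on a scratch copy of the directory owned by an unprivileged user.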