Subject: Re: To chroot or not to chroot, sgid or not to sgid?
From: Matthias Andree (madt.e-technik.uni-dortmund.de)
Date: Tue Feb 01 2000 - 07:27:48 CST


jseymourjimsun.LinxNet.com (Jim Seymour) writes:

> The question I have, specifically wrt chroot-ing, is this: can
> somebody, or many somebodies, apprise me of what increased, on-going
> administrative issues may be involved? The point that occurs to me is
> that as certain files are changed over time, it will be necessary to
> manually (?) keep the chroot-ed copies in sync with their "real"
> counterparts.

Postfix scripts account for that and warn if the "real world" files are
out of sync with the chrooted ones.

> Do many of you run Postfix chroot-ed? Do many not do so? Secure, as I
> am, that Postfix is secure enough without it? Or am I being over-
> confident?

I run it chroot()ed and setgid()ed without trouble (though if the server
has only staff logins and no user logins you might consider not to
setgid()), and it's even behind a firewall and incoming mail relay (PP
5.0). Every little bit of security helps, just in case.

-- 
Matthias Andree

Hi! I'm the infamous .signature virus! Copy me into your ~/.signature to help me spread!
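
The kind of drift check described in the reply above, as an added example that is not part of the original message and is not Postfix's own script. The function names, the file list and the temporary directory layout are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: warn when files copied into a chroot jail no longer match
# the system originals. Names, paths and the file list are assumptions.

# check_chroot_sync SYSROOT JAIL FILE...
# Prints one warning per stale or orphaned copy and returns the warning count.
check_chroot_sync() {
    sysroot=$1; jail=$2; shift 2
    warnings=0
    for rel in "$@"; do
        copy="$jail/$rel"
        orig="$sysroot/$rel"
        # A file that was never copied into the jail is not drift.
        [ -e "$copy" ] || continue
        if [ ! -e "$orig" ]; then
            echo "warning: $copy has no counterpart $orig"
            warnings=$((warnings + 1))
        elif ! cmp -s "$orig" "$copy"; then
            echo "warning: $copy differs from $orig"
            warnings=$((warnings + 1))
        fi
    done
    return "$warnings"
}

# Constructed demo: a fake system root and jail in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/sys/etc" "$tmp/jail/etc"
    printf 'nameserver 192.0.2.1\n'  > "$tmp/sys/etc/resolv.conf"
    printf 'nameserver 192.0.2.53\n' > "$tmp/jail/etc/resolv.conf"  # stale copy
    printf 'smtp 25/tcp\n' > "$tmp/sys/etc/services"
    cp "$tmp/sys/etc/services" "$tmp/jail/etc/services"             # in sync
    printf 'old\n' > "$tmp/jail/etc/hosts"                          # orphaned copy
    rc=0
    check_chroot_sync "$tmp/sys" "$tmp/jail" \
        etc/resolv.conf etc/services etc/hosts etc/localtime || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "$? file(s) out of sync"
```

Run from cron or before each daemon start, a non-zero return is the cue to re-copy the listed files into the jail.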