OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: URGENT suggestion to FAQ 19991231-pl09
From: Matthias Andree (madt.e-technik.uni-dortmund.de)
Date: Sun Sep 17 2000 - 17:05:31 CDT

Dear Wietse,

I hope this issue is not too late.

Since you are to release the 09 patchlevel of Postfix, and since
recently, on Usenet (de.comm.software.newsserver), there have been some
chroot() setup issues, could there be short FAQ notes about the chroot
implications? chroot issues are among the most common Postfix setup
issues discussed on news://de.comm.software.mailserver.

I imagine something how:

Q: Postfix does not work as expected, what can I do?

A: Some Postfix daemons may be running chroot()ed. That means, they see
$spooldir (/var/spool/postfix) as their root (/) directory. You must
make sure you really have all files available a daemon might need in the
chroot, particularly time zone and resolver configuration and
libraries. Copy missing files e. g. from /etc/hosts to
/var/spool/postfix/etc/hosts. running postfix check will warn if files
that are in the chroot have changed outside, but Postfix cannot detect
if a file that you need in the chroot is missing.

Q: How do I find out if daemons are running chroot()ed?

A: Read the /etc/postfix/master.cf configuration file. It determines
what daemons run chrooted. Mind the documentation section at the top of
that file. 

-- 
Matthias Andree