From: 'Simon White' (simon_at_mtds.com)
Date: Thu Oct 17 2002 - 10:09:16 CDT


    17-Oct-02 at 16:43, Boniforti Flavio (boniforti.fco-ver.it) wrote :
    >
    > > Received emails go to /var/spool/mail anyway; it doesn't have to be a
    > > user's $HOME for this to work. $HOME is only used as a default place
    > > to be when you log in via a shell, or ftp perhaps, and a place to store
    > > local configurations for things like mutt, pine, X windows... but only
    > > if your users have a shell in the first place.
    >
    > Hummm... I'm using "Maildir" format. That's the reason for which I'm
    > using $HOME...

    I still don't think it's an issue, but I don't run Maildir anywhere
    because our users often have 1000s of messages in their mailbox, which
    defeats the object of Maildir IMHO.

    > > > What do you mean? I heard of people using MySQL and/or LDAP...
    > >
    > > MySQL or LDAP are just lookup tables the same as a hash db or a regexp
    > > table. When I talk about hardened I'm thinking about specific kernel
    > > compilations, different partitions with different filesystems, chroot
    > > everywhere, no extraneous daemons on the box, etc etc
    >
    > So you mean adding accounts without shell access can't harm my
    > system, as long as daemons are chrooted (which is my case)?

    No, shell access to a machine is always a potential exploit hole.
    Production servers should be accessible at most by sysadmins via SSH or
    Webmin over SSL, nothing else.

    -- 
    [Simon White. vim/mutt. simonmtds.com. GIMPS:31.01% see www.mersenne.org]
    Neutron stars are almost unimaginably dense: a teaspoon of neutron star
    material weighs a billion tons (1.016 billion tonnes).
    [Linux user #170823 http://counter.li.org. Home cooked signature rotator.]