[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: non-root postfix admin; sudo -vs- super

NB> I see that by default the files in /etc/postfix are owner: group
NB> root:root.  This obviously doesn't lend itself to the contents thereof
NB> being admin'ed by admins who don't otherwise enjoy the total freedom of
NB> the system (nor is it best for those of us who like to spend as little
NB> time as is necessary as root).

NB> There would seem to be (at least) three solutions:

NB> * different owner:group and mode

NB> * use sudo -or- super to allow postfix admins to do what is necessary.

NB> What do people see as the relative merits of these?

NB> What are the differences between sudo and super in these kind of
NB> circumstances?

NB> Any alternate solutions?

I want to warn you that if you give someone ability to change postfix
configs you can open huge security hole. For example if someone can
edit /etc/postfix/master.cf he/she effectively has root because he/she
can setup pseudo transport which will launch any script under any
uid. And there are exist other dangerous places in postfix configs.

| Ilya Martynov (http://martynov.org/)                                    |
| GnuPG 1024D/323BDEE6 D7F7 561E 4C1D 8A15 8E80  E4AE BE1A 53EB 323B DEE6 |
| AGAVA Software Company (http://www.agava.com/)                          |

Reply to: