Re: non-root postfix admin; sudo -vs- super
NB> I see that by default the files in /etc/postfix are owner: group
NB> root:root. This obviously doesn't lend itself to the contents thereof
NB> being admin'ed by admins who don't otherwise enjoy the total freedom of
NB> the system (nor is it best for those of us who like to spend as little
NB> time as is necessary as root).
NB> There would seem to be (at least) three solutions:
NB> * different owner:group and mode
NB> * use sudo -or- super to allow postfix admins to do what is necessary.
NB> What do people see as the relative merits of these?
NB> What are the differences between sudo and super in these kind of
NB> Any alternate solutions?
I want to warn you that if you give someone ability to change postfix
configs you can open huge security hole. For example if someone can
edit /etc/postfix/master.cf he/she effectively has root because he/she
can setup pseudo transport which will launch any script under any
uid. And there are exist other dangerous places in postfix configs.
| Ilya Martynov (http://martynov.org/) |
| GnuPG 1024D/323BDEE6 D7F7 561E 4C1D 8A15 8E80 E4AE BE1A 53EB 323B DEE6 |
| AGAVA Software Company (http://www.agava.com/) |