[ITP] postfix 2.11.3
Corinna Vinschen
corinna-cygwin@cygwin.com
Fri Nov 21 22:06:00 GMT 2014
On Nov 21 22:48, Christian Franke wrote:
> Corinna Vinschen wrote:
> >>See above (It always switches to $mail_owner and does never use
> >>chown()).
> >>
> >> From postsuper.c:
> >>
> >>* All file/directory updates must be done as the mail system owner.
> >>This
> >> * is because Postfix daemons manipulate the queue with those same
> >>* privileges, so directories must be created with the right ownership.
> >>
> >>
> >>> In theory postsuper should just use the
> >>>account it's running under on Cygwin.
> >>In (upstream) theory & practice, it should run with least privileges,
> >>which is good :-)
> >Well, passwd -R is still some mild variation of security by obscurity, and it might not be allowed in some environments.
>
> Further investigation shows that with a few modifications, postsuper could
> be run without passwd -R - except the rare case that the hash_queue_depth
> was changed for already queued messages.
Nice. Is the latter a likely operation? I'm running my own postfix on
Linux, but I never changed hash_queue_depth, I'm sure.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-apps/attachments/20141121/7e3ee9ec/attachment.sig>
More information about the Cygwin-apps
mailing list