On Mon, Sep 30, 2002 at 09:04:40AM -0300, Henrique de Moraes Holschuh wrote: > On Sun, 29 Sep 2002, Galen Johnson wrote: > > Actually, I was wondering when the Debian chroot of postfix would rear > > it's ugly head. There is really no reason to chroot postfix. Just edit > > Of course there is: Security. Watch as I try to find a way to chroot Cyrus > as well... > > (it should actually be quite doable, master can run outside the chroot, and > services can be selectively chrooted by master when started -- it depends on > how much information from outside the chroot the services would need...)
Postfix I run chrooted, especially on boxes where user accounts exist. I don't know if I would bother running Cyrus in chroot since it's a closed box application anyway. Sure, in theory chroot is 'more secure' regardless but often there is a trade off between security and connivance. I can seriously increase the security on any box I own by unplugging it from the network, but that wouldn't be very convenient for me, or the users. :) -- Scott Russell ([EMAIL PROTECTED]) Linux Technology Center, System Admin, RHCE. Dial 877-735-8200 then ask for 919-543-9289 (TTY)