On Wednesday, 11 January 2006 20:01, Ralf S. Engelschall wrote:
> On Wed, Jan 11, 2006, Bernhard Reiter wrote:
> > On Wednesday, 11 January 2006 15:34, Bernhard Reiter wrote:
> > > By default the /openpkgdir/var/postfix/log/postfix.log is world
> > > readable. This gives users of the system
> > > the possibility to do some sort of email traffic analysis
> > > for email flowing through the system.

> > >             path="@l_prefix@/var/postfix/log/postfix.log",
> > >             perm=0644, monitor=3600

> > > I suggest changing this to
> > perm=0640

> Hmmm... I see your point and from a paranoid security point of view the
> file should not be world-readable.

We found out because some Kolab Servers were accidentally logging passwords,
which made it a real-world critical problem.

> But keep in mind that from a paranoid 
> point of view even the output of commands like ps(1), df(1), etc. are a
> problem, of course.

The problem with a complete email log is significantly bigger.

> OTOH this is a general issue and not really Postfix related. So we
> should raise the general question whether logfiles in OpenPKG should be
> world-readable or not? What are the opinions?

I would say that it depends a bit on the logfiles.

Bernhard

______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
User Communication List                      openpkg-users@openpkg.org
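
An added example, not part of the original thread or of OpenPKG: a small shell audit that finds log files carrying the world-readable bit (the perm=0644 case above) and reduces them to the suggested 0640-style mode. The function names and the directory passed on the command line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit log files for the "other: read" bit discussed above.
# Function names are hypothetical; pass the log directory as the first argument.

# list_world_readable DIR
# Print regular files under DIR whose mode has the "other: read" bit set
# (e.g. 0644). Note: a file is only reachable by other users if every
# parent directory is also searchable (o+x) by them.
list_world_readable() {
    find "$1" -type f -perm -004 -print 2>/dev/null | sort
}

# count_world_readable DIR
# Number of world-readable regular files under DIR.
count_world_readable() {
    list_world_readable "$1" | wc -l | tr -d ' '
}

# tighten_logs DIR
# Remove all "other" permissions (0644 -> 0640) while leaving the owner
# and group bits untouched, and report each file changed.
tighten_logs() {
    list_world_readable "$1" | while IFS= read -r f; do
        chmod o-rwx "$f" && printf 'tightened: %s\n' "$f"
    done
}

# Report only when a directory is given; fixing is a separate, explicit call.
if [ "$#" -gt 0 ]; then
    printf '%s world-readable file(s) under %s\n' \
        "$(count_world_readable "$1")" "$1"
    list_world_readable "$1"
fi
```

Changing the mode of an existing file does not stop it from being recreated as 0644 at the next rotation; the perm= setting quoted above is what decides that.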
