17.12.2024 13:25, Tomasz Pala via Postfix-users wrote:
> Disregarding this (e.g. LMTP, virtual mailboxes only) one could try to directly start with:
>
> User=postfix
> AmbientCapabilities=...
>
> which would make in turn this unnecessary:
>
> setfacl -m user:root:rwx $queue_directory/public
With current postfix I don't see a reason to go this route. Or actually, I don't see a reason to play with capabilities outside of postfix source code: it is ineffective. If we're to adopt capabilities, we should teach postfix itself to manipulate them on a per-service or per-context basis. Even there, with your ambient capabilities idea, someone has to enable the necessary capabilities which are ambient and are needed in some particular context - this has to be done within the postfix source. But if it is done in postfix anyway, it can do the whole thing properly - starting with the full set, dropping things when executing a service, temporarily enabling extra things (cap_setuid) when doing local user delivery, and so on.

Postfix's master(8) is a service manager itself, which runs different services with different privileges (okay, it's each service that deals with its own privs at startup). The point is that each service needs its own things, and attempting to apply something globally to the whole master process tree isn't going to work. We can drop some stuff (like cap_sys_reboot), but that's about it - it is not very effective to do that.

/mjt
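As an added illustration of the per-service pattern described in the reply above (an example written for this page, not Postfix code and not from anyone on the thread): a service shrinks its permitted set at startup to what it will ever need, keeps nothing effective, and raises CAP_SETUID only around the step that needs it, then lowers it again. It uses raw capget(2)/capset(2) so it builds without libcap; which capabilities a given service keeps is an assumption left to the caller.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/capability.h>
#include <stdint.h>
#include <sys/syscall.h>
#include <unistd.h>
#define CAP_BIT(c) (UINT64_C(1) << (c))

/* Raw capget/capset wrappers (no libcap). s[0]=effective, s[1]=permitted,
 * s[2]=inheritable, each a 64-bit mask indexed by CAP_* number. */
static int caps_read(uint64_t s[3]) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = {{0}};
    if (syscall(SYS_capget, &h, d) != 0) return -1;
    s[0] = d[0].effective   | (uint64_t)d[1].effective   << 32;
    s[1] = d[0].permitted   | (uint64_t)d[1].permitted   << 32;
    s[2] = d[0].inheritable | (uint64_t)d[1].inheritable << 32;
    return 0;
}
static int caps_write(const uint64_t s[3]) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = {
        { (uint32_t)s[0], (uint32_t)s[1], (uint32_t)s[2] },
        { (uint32_t)(s[0] >> 32), (uint32_t)(s[1] >> 32), (uint32_t)(s[2] >> 32) } };
    return syscall(SYS_capset, &h, d) == 0 ? 0 : -1;
}
/* One set of the calling thread (0/1/2 as above); UINT64_MAX on error. */
uint64_t current_set(int which) {
    uint64_t s[3];
    return caps_read(s) == 0 ? s[which] : UINT64_MAX;
}
/* Service startup: keep only what this service may ever need in the permitted
 * set, nothing effective or inheritable. Shrinking is always allowed, so this
 * works both as root (full set) and as an already unprivileged user. */
int drop_to_service(uint64_t keep) {
    uint64_t s[3];
    if (caps_read(s) != 0) return -1;
    s[0] = 0; s[1] &= keep; s[2] = 0;
    return caps_write(s);
}
/* Around one privileged step (e.g. changing uid for local delivery): raise a
 * cap into the effective set, do the work, lower it again. A cap dropped from
 * permitted at startup can no longer be raised (EPERM). */
int raise_cap(int cap) {
    uint64_t s[3];
    if (caps_read(s) != 0) return -1;
    if (!(s[1] & CAP_BIT(cap))) { errno = EPERM; return -1; }
    s[0] |= CAP_BIT(cap); return caps_write(s);
}
int lower_cap(int cap) {
    uint64_t s[3];
    if (caps_read(s) != 0) return -1;
    s[0] &= ~CAP_BIT(cap); return caps_write(s);
}
```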
