On Wednesday, July 25, 2012 at 12:09 AM, Michael Orlitzky wrote:
> We store our virtual_foo_maps in, > > /etc/posfix/maps/virtual_foo_maps.pgsql > > and so the (read-only) database credentials are visible in that file. > I'd like to tighten this up if possible, but I don't want to do anything > stupid. > > If I'm not going about this all wrong, what can I do to prevent e.g. SSH > users from reading the DB credentials? Ideally, I'd also like to prevent > them from reading the rest of the maps, which contain lists of > addresses, clients, etc. Works for me with owner 'root', group 'postfix', permission 0640. ---- Zhang Huangbin iRedMail: Open Source Mail Server Solution for Red Hat Enterprise Linux, CentOS, Scientific Linux, Debian, Ubuntu, Gentoo, openSUSE, FreeBSD, OpenBSD: http://www.iredmail.org/