On 4/27/21 9:30 AM, Paul Menzel wrote:
> Dear Wietse,
>
>
> On 27.04.21 at 14:49, Wietse Venema wrote:
>> Paul Menzel:
>
>>> In our infrastructure, we are building Postfix from source with an
>>> unprivileged user, and also try to run most services as an unprivileged
>>> user. Privileged ports are forwarded to unprivileged ports, used by the
>>> service, by configuring Linux’ packet filter rules with *iptables*.
>>
>> Unprivileged Postfix comes up about once a year in this mailing
>> list. Rather than hashing out the arguments here again, please use
>> a search engine, or visit mailing list archives.
>
> Thank you for your prompt reply. Searching for *unprivileged* in the mailing
> list archives, I actually only found discussion of containers, and Victor’s
> reply in the thread *Should I be root or postfix user to execute postfix commands?* [1]:

You can use Linux user namespaces to avoid having to modify Postfix. Postfix will think it is root, but UID 0 in the container is mapped to an unprivileged UID on the host.

Demi
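
The UID mapping described in the reply above can be checked from the host by reading `/proc/<pid>/uid_map`. The following is an added example, not part of the original message or of Postfix: it parses that file and confirms that namespace UID 0 resolves to a non-root host UID. The sample maps (host UIDs 1000 and 100000) and all function names are constructed for illustration.

```python
"""Resolve a user-namespace UID to the host UID using /proc/<pid>/uid_map."""
from typing import List, Optional, Tuple

Mapping = Tuple[int, int, int]  # (first UID inside ns, first UID outside, range length)

# Constructed samples in the uid_map format documented in user_namespaces(7).
ROOTLESS_MAP = "         0       1000          1\n         1     100000      65536\n"
INITIAL_NS_MAP = "         0          0 4294967295\n"  # identity map: no remapping


def parse_uid_map(text: str) -> List[Mapping]:
    mappings = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        mappings.append((inside, outside, length))
    return mappings


def to_host_uid(ns_uid: int, mappings: List[Mapping]) -> Optional[int]:
    """Return the outside UID for ns_uid, or None if it is unmapped."""
    for inside, outside, length in mappings:
        if inside <= ns_uid < inside + length:
            return outside + (ns_uid - inside)
    return None


def root_is_unprivileged_on_host(mappings: List[Mapping]) -> bool:
    """True only when namespace UID 0 exists and maps to a non-zero host UID."""
    host_uid = to_host_uid(0, mappings)
    return host_uid is not None and host_uid != 0


def read_uid_map(pid: int) -> List[Mapping]:
    # Read from the initial namespace so "outside" IDs are real host UIDs.
    with open(f"/proc/{pid}/uid_map") as fh:
        return parse_uid_map(fh.read())


if __name__ == "__main__":
    for name, sample in (("rootless", ROOTLESS_MAP), ("initial", INITIAL_NS_MAP)):
        m = parse_uid_map(sample)
        print(name, "ns uid 0 -> host uid", to_host_uid(0, m),
              "| safe:", root_is_unprivileged_on_host(m))
```

A process that reports UID 0 but whose map is the identity map is running as real root on the host, which is the case this check is meant to catch.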
