Re: [Courier-imap] poxtfix, courier chroot
krystian writes: Hi! I want install Postfix/Imap courier in chroot. Should I install courier inside chroot or from outsite chroot like postfix? I understand that as well I should install in chroot authlib for courier. Maybe somebody can give me some links? You're on your own. In as many years as I can remember, nobody cared about running anything, courier-imap, or courier-authlib, in chroot. As such, I do not recall any links or HOWTOs of any kind, anywhere. pgpFWJRdA04EM.pgp Description: PGP signature - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
Re: [Courier-imap] poxtfix, courier chroot
On Fri, Jan 19, 2007 at 07:03:01AM -0500, Sam Varshavchik wrote: In as many years as I can remember, nobody cared about running anything, courier-imap, or courier-authlib, in chroot. For Linux maybe; but OpenBSD runs every daemon that it can in a chroot environment. Even on Linux systems, I often see 'named' running in a chroot. That's probably a sensible idea; ISC BIND is an extremely big and complex beast. OTOH, if you said that running as a non-root user is more important, I'd agree. Besides, to run a big package in a chroot environment, you'll need so many libraries and other bits that if anyone breaks in they'll have a pretty functional system anyway. Regards, Brian. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
Re: [Courier-imap] poxtfix, courier chroot
It strange what you say, because a lot services under linux, can and runs under chroot ex. DNS,HTTP,FTP,SSH(?),Mail(Postfix),Databases(MySql). I know that BSD has a bit better security, but for now I' m not going to install BSD. And as for linux even a bit more security like chroot services, can increase security. I understand that chroot isn't perfect but if you add e.g. GRsecurity patch , it has a big advantage over non chroot environment. It doesn't cost me a lot (at least I hope),to install in chroot, so why I shouldn't do that. Regards, Krystian Brian Candler wrote: On Fri, Jan 19, 2007 at 07:03:01AM -0500, Sam Varshavchik wrote: In as many years as I can remember, nobody cared about running anything, courier-imap, or courier-authlib, in chroot. For Linux maybe; but OpenBSD runs every daemon that it can in a chroot environment. Even on Linux systems, I often see 'named' running in a chroot. That's probably a sensible idea; ISC BIND is an extremely big and complex beast. OTOH, if you said that running as a non-root user is more important, I'd agree. Besides, to run a big package in a chroot environment, you'll need so many libraries and other bits that if anyone breaks in they'll have a pretty functional system anyway. Regards, Brian. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
Re: [Courier-imap] poxtfix, courier chroot
On Fri, Jan 19, 2007 at 11:19:44PM +0800, krystian wrote: It strange what you say, because a lot services under linux, can and runs under chroot ex. DNS,HTTP,FTP,SSH(?),Mail(Postfix),Databases(MySql). Depends on your Linux distribution. (I'd say that ssh is very unlikely to run chroot'd by default, as it rather defeats the object of having it) Anyway, we're in agreement here. MrSam said that nobody cares about running daemons chroot'd, and I was just pointing out that people do. I know that BSD has a bit better security, but for now I' m not going to install BSD. Both are secure if properly installed - most weaknesses come from the applications, not the kernel. But again, this was just to make the point that there are Unix users and systems which *do* care about chroot'ing. Linux is not the only fruit. And as for linux even a bit more security like chroot services, can increase security. I understand that chroot isn't perfect but if you add e.g. GRsecurity patch , it has a big advantage over non chroot environment. It doesn't cost me a lot (at least I hope),to install in chroot, so why I shouldn't do that. I'm not disagreeing here either. Incidentally, FreeBSD's jail is better; it's chroot plus additional restrictions (e.g. can only bind to a single IP address; cannot tweak sysctls). Regards, Brian. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap