NB> I see that by default the files in /etc/postfix are owner: group NB> root:root. This obviously doesn't lend itself to the contents thereof NB> being admin'ed by admins who don't otherwise enjoy the total freedom of NB> the system (nor is it best for those of us who like to spend as little NB> time as is necessary as root).
NB> There would seem to be (at least) three solutions: NB> * different owner:group and mode NB> * use sudo -or- super to allow postfix admins to do what is necessary. NB> What do people see as the relative merits of these? NB> What are the differences between sudo and super in these kind of NB> circumstances? NB> Any alternate solutions? I want to warn you that if you give someone ability to change postfix configs you can open huge security hole. For example if someone can edit /etc/postfix/master.cf he/she effectively has root because he/she can setup pseudo transport which will launch any script under any uid. And there are exist other dangerous places in postfix configs. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Ilya Martynov (http://martynov.org/) | | GnuPG 1024D/323BDEE6 D7F7 561E 4C1D 8A15 8E80 E4AE BE1A 53EB 323B DEE6 | | AGAVA Software Company (http://www.agava.com/) | -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
