On 2024-12-09 Michael Tokarev via Postfix-users wrote:
> It's been a very long story with debian installing postfix chrooted by
> default.
> For about 25 years there were multiple, endless bug reports here on
> postfix-users, in debian bug tracker, in ubuntu bug tracker and elsewhere,
> all kinds of issues and workarounds have been faced. #151692 is one of the
> oldest debian bug reports still open: https://bugs.debian.org/151692 .
> 
> I think this stream of negative experience should be stopped.  But with all
> this history behind us, I'm not yet sure how to do this.
> 
> Postfix in debian has always been chrooted without an easy way to un-chroot
> it (yes, undoing a debian change to master.cf toggling most values in "chroot"
> column isn't exactly difficult, but for many users it feels just wrong to go
> against the more experienced people who packaged postfix for you).  So I'm
> trying to find a less aggressive solution to this situation, with not-so-harsh
> change in behavior.

I don't think there's anything "harsh" about changing a couple flags to
their actual (upstream) default values. I've been running Postfix
without chroot for more than a decade without any issues.

Perhaps unpopular opinion: I'm not a fan of the blanket introduction of
chroot, AppArmor, SELinux and other technologies like that into default
setups. While all of them are certainly useful, I do believe that without
a clear understanding of what threats you (as a server admin) want to
mitigate with them in your specific situation, their added complexity
and maintenance cost (which is usually glossed over despite being rather
substantial) greatly outweighs their benefits.

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky