Michael Tokarev via Postfix-users:
> Hi!
>
> It's been a very long story with debian installing postfix chrooted by
> default.
> For about 25 years there were multiple, endless bug reports here on
> postfix-users, in debian bug tracker, in ubuntu bug tracker and elsewhere,
> all kinds of issues and workarounds have been faced. #151692 is one of the
> oldest debian bug reports still open: https://bugs.debian.org/151692 .
>
> I think this stream of negative experience should be stopped. But with all
> this history behind us, I'm not yet sure how to do this.
>
> Postfix in debian has always been chrooted without an easy way to un-chroot
> it (yes, undoing a debian change to master.cf toggling most values in "chroot"
> column isn't exactly difficult, but for many users it feels just wrong to go
> against the more experienced people who packaged postfix for you). So I'm
> trying to find a less aggressive solution to this situation, with not-so-harsh
> change in behavior.
>
> I don't think it would be a good idea to offer an easy GUI-way (debconf in
> debian - a tool used to (re)configure packages which can ask questions to
> the user or can be pre-seeded) to toggle the chrooting of an already installed
> postfix. Because the user might already have customized their master.cf, and
> toggling "chroot" column for select list of services might not be wrong.
> There should be a way to undo the "unchroot" action too, to revert back to
> the debian traditional setup, - and this is where things become interesting.
> I don't know how to do it in a reliable way.
>
> At the very least, I think I'll just turn off chroot-by-default for the new
> installs, for now anyway. Without an easy way to turn it on (without such
> a knob/button as described above). But with all the existing infrastructure
> to handle chroot setup as has been there before (with all the bugs, omissions
> and stacked band-aids in there).
>
> I'd love to hear other opinions and comments about this matter.

Turning on chroot is possible for most master.cf entries except those
that use proxymap, postlogd, pipe, local, spawn (I may be missing one).
You can use "postconf -F '*/*/command'" to find these, and
"postconf -F xxx/yyy/chroot=y" to turn on chroot selectively.

Setting up the necessary helper files under /var/spool/postfix
(nsswitch.conf, TLS, resolv.conf, services) remains platform-specific.
If this can't be automated, then no-one will use it.

	Wietse
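
The selective approach described in the reply above, as an added example that is not part of either message: it reads `postconf -F '*/*/command'` output, skips services whose program is one of the five named in the reply, and prints the `postconf -F .../chroot=y` commands for the rest. The function names and the sample output are constructed for illustration, and the exclusion list is only as complete as the reply's (which notes it may be missing one).

```shell
#!/bin/sh
# Constructed sample of `postconf -F '*/*/command'` output (not from a real host).
sample_commands() {
cat <<'EOF'
smtp/inet/command = smtpd
pickup/unix/command = pickup
cleanup/unix/command = cleanup
qmgr/unix/command = qmgr
proxymap/unix/command = proxymap
proxywrite/unix/command = proxymap
smtp/unix/command = smtp
local/unix/command = local
maildrop/unix/command = pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
postlog/unix-dgram/command = postlogd
policy/unix/command = spawn user=nobody argv=/usr/local/bin/policyd
EOF
}

# stdin: "service/type/command = program args..." lines.
# stdout: "chroot-ok service/type" or "no-chroot service/type" per service.
classify_services() {
    awk '
    BEGIN {
        # Programs the reply lists as unsuitable for chroot (possibly incomplete).
        n = split("proxymap postlogd pipe local spawn", d, " ")
        for (i = 1; i <= n; i++) deny[d[i]] = 1
    }
    $2 == "=" && $1 ~ /\/command$/ {
        svc = $1
        sub(/\/command$/, "", svc)
        tag = ($3 in deny) ? "no-chroot" : "chroot-ok"
        print tag, svc
    }'
}

# Prints the commands for review; it does not modify master.cf itself.
chroot_plan() {
    classify_services |
        awk '$1 == "chroot-ok" { print "postconf -F " $2 "/chroot=y" }'
}

# On a real host: postconf -F '*/*/command' | chroot_plan
sample_commands | chroot_plan
```

The helper files under /var/spool/postfix still have to be in place before any printed command is applied.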