Michael Tokarev via Postfix-users:
> 16.12.2024 14:52, Viktor Dukhovni via Postfix-users wrote:
> > On Mon, Dec 16, 2024 at 12:03:52PM +0300, Michael Tokarev via Postfix-users wrote:
> > 
> >> The good news though is that all libnss_*.so which come with glibc
> >> are not needed in chroot at all, they're built-in to the libc.so
> >> proper, and separate .so files are provided for compatibility only.
> > 
> > But sufficiently clever users could provision custom nsswitch modules,
> > it is an extensible framework.  Likely in with enterprise systems like
> > "FreeIPA" to add "directory services".
> 
> There are multiple existing modules in use.  Systemd provides several
> already, including host lookup interface.  And we already have bug reports
> in debian saying mdns doesn't work in postfix for example.
> 
> > Chroot is not worth the trouble, stop the madness.  Only expert
> > individual users willing to suffer the pain, might go there.
> > For the rest, turn it off.
> 
> This is exactly why I started this whole thread: is chroot in postfix worth
> the efforts these days or not, from the upstream PoV?  And the very first
> reaction from Wietse seemed like it'd be nice to have (or else the feature
> wouldn't be used at all).
> 
> Myself, I've been here since the very beginning of postfix, and I was
> strongly against debian decision to make chroot the default, -- because
> it was nothing but madness, with numerous frustrated users and
> frustrated people on postfix-users always urging to turn the damn thing
> off (me included).

Look, I changed the Postfix default to not chroot 10+ years ago,
because it was already impossible on LINUX.

I expected that package maintainers understand that non-chroot
shall be the norm for most installs.

On LINUX systems, chroot is for people who want to suffer pain.
On my FreeBSD server, Postfix chroot is painless.

So chroot is 'nice to have' but not for LINUX.

        Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org