20.12.2024 00:22, Wietse Venema via Postfix-users wrote:
Michael Tokarev via Postfix-users:
Here's a little change for the `postfix' command I'd love to have
in Debian, - to assist its 25 years history of running postfix
chrooted and to have an easier alternative, one way or the other.
It's just a proof of concept, but it is easy enough. Not yet written
in a style of other code in this script (like using logging functions
which is a good idea in this case for sure.
The "idea" is to have
postfix chroot [-n] on|off
- to run services chrooted (on) or non-chrooted (off)
(-n to show what would be done instead of actual modifications)
postfix chroot query
- to query and return the current status (on|off|mixed).
Apart from possible BASH-isms, this could work on non-LINUX systems.
But without a way to manage the content of the chroot tree, it will
be useful mainly to "view" or "turn off" chroot.
I'm mostly asking about the approach, if it is okay with you if some
distribution is to modify code like this, adding a custom subcommand.
The chroot tree itself is managed elsewhere. I placed it into the
`postfix start' code path, - this one queries (checks) for the chroot
status, and updates/populates the chroot if it is in use, or cleans it
up if not - depending on the "complexity" of the daemons in question
(that's where the -S option comes into play). The setup itself is
based on old script provided in debian, which I managed to understand
and to reduce to a manageable size, cleaning up a lot of old cruft
and wrong ideas (like copying everything needed for ldaps: into the
chroot including some /dev nodes, instead of using proxy: map) on the
way.
Since this part can't be made generic because of realy different kinds
of possible nsswitch modules (on any system), I'm not trying to come
here with this stuff.
And this one is just a single building block anyway, -- again, not as
something which might be useful for everyone, but more about debian
users who don't have an easy way to turn the debian-specific defaults
off.
Besides usage of ${c%%.*} (to strip off everything but the major
version from compatibility_level, which an be done using sed),
there's no bashisms in there.
Thanks,
/mjt
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
