On 07/02/2011 12:06, Mark Alan wrote:
>[snip]
> 
> No disrespect intended, either towards Stefan or towards his
> friends.
> 
> But, to us, it would be difficult to use a Postfix repository that
> includes changes whose rationale we are not able to understand like, for
> instance, the following:
> 
> diff -u tmp/postfix-2.8.0/conf/master.cf
> lixo/postfix-2.8.0~cite/conf/master.cf ---
> tmp/postfix-2.8.0/conf/master.cf      2011-02-07 10:18:11.000000000
> +0000 +++ lixo/postfix-2.8.0~cite/conf/master.cf      2010-12-31
> 14:14:51.000000000 +0000 @@ -8,49 +8,49 @@ # service type  private
> unpriv  chroot  wakeup  maxproc command + args #               (yes)
> (yes)   (yes)   (never) (100) #
> ==========================================================================
> -smtp      inet  n       -       -       -       -       smtpd
> -#smtp      inet  n       -       -       -       1       postscreen
> -#smtpd     pass  -       -       -       -       -       smtpd
> -#dnsblog   unix  -       -       -       -       0       dnsblog
> -#tlsproxy  unix  -       -       -       -       0       tlsproxy
> -#submission inet n       -       -       -       -       smtpd
> +smtp      inet  n       -       n       -       -       smtpd
> +#smtp      inet  n       -       n       -       1       postscreen
> +#smtpd     pass  -       -       n       -       -       smtpd
> +#dnsblog   unix  -       -       n       -       0       dnsblog
> +#tlsproxy  unix  -       -       n       -       0       tlsproxy
> +#submission inet n       -       n       -       -       smtpd
> 
> 
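
Review bot: The chroot column goes from `-` to `n` on all six service lines with no rationale attached, and because the header just above gives the chroot default as "(yes)", this switches chroot off for smtpd and, once uncommented, for postscreen, the smtpd pass service, dnsblog, tlsproxy and submission. A comment above the `smtp inet` line, or a changelog entry, stating that the services are deliberately shipped unchrooted and that `y` or `-` in that column turns chroot back on would let someone reading the packaged master.cf tell this from an accidental edit. The file timestamps also put the `-` side at 2011-02-07 and the `+` side at 2010-12-31, so confirm which tree is the packaged one before reading the direction of the change.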

The diff says not to chroot the services above. This is how it works on
other OSes like FreeBSD (which is Wietse's OS). Debian tradition is to
chroot because it was done once and it's hard to remove it (it would be
seen as a regression). Unfortunately, default chroot causes trouble to
some people and they come here asking for help. So a default "no chroot"
is better: first get things working, then if you feel motivated for a
chroot, go for it, but then you know what you're doing.
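
Added example, not part of the original message or of Postfix: a small Python check that reads a master.cf and reports which active services end up chrooted, so the effect of a `-` versus an `n` in the chroot column is visible per service. The sample file content and the function names are constructed for illustration; the default of "yes" for `-` is taken from the "(yes)" in the header quoted above.

```python
# Constructed sample in the layout of the quoted diff (not a real system's file).
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd
#submission inet n      -       -       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
dnsblog   unix  -       -       y       -       0       dnsblog
  -o example_option=value
"""


def logical_lines(text):
    """Drop comments and blanks, join continuation lines (leading whitespace)."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current


def chroot_report(text, default="y"):
    """Return [(service, type, chrooted)] for the active entries.

    "-" in the chroot column means "use the default". default="y" follows
    the "(yes)" in the header quoted on the page (assumption: adjust it if
    your Postfix version documents a different default).
    """
    report = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[4] not in ("y", "n", "-"):
            raise ValueError(f"malformed master.cf entry: {line!r}")
        effective = default if fields[4] == "-" else fields[4]
        report.append((fields[0], fields[1], effective == "y"))
    return report


if __name__ == "__main__":
    for service, svc_type, chrooted in chroot_report(SAMPLE_MASTER_CF):
        print(f"{service:<12}{svc_type:<6}{'chroot' if chrooted else 'no chroot'}")
```

To check a real system, pass the contents of its master.cf to `chroot_report` instead of the sample.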
