Ralf Hildebrandt:
> /etc/postfix/dynamicmaps.cf as provided by Ubuntu/Debian is:
>
> -rw-r--r-- 1 root root 318 2011-04-22 15:04 /etc/postfix/dynamicmaps.cf
>
> by default. Which programs are using it and when? Before dropping
> privileges? After? Does /usr/sbin/sendmail use it?
>
> Yeah, I know. It's a patch.

/etc/postfix and everything under it must be owned by root and not
writable by anyone else.

dynamicmaps.cf is from Lamont Jones's Debian feature that allows
support for LDAP, *SQL etc. to be added without recompiling Postfix.
However, not all the world is Debian.

As for run-time privileges, Postfix daemons open tables before
dropping privileges. Postfix commands such as postmap open tables
with the privileges of the user itself (if invoked by root, postmap
may decide that root privileges are too powerful, for example, when
a table is owned by a non-root user).

> Just asking if 644 is the ultima ratio or if (under special
> circumstances) something like mode 640, user root, group postfix might
> work as well.

This file contains no secrets, unless you have put some secret in
the comments.

Wietse
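
The ownership rule stated in the reply above, written as a check that can be run over a configuration tree. This is an added example, not part of the original thread or of Postfix (which has its own `postfix check` command); the function name `audit_tree` and its exit codes are assumptions made for this sketch.

```shell
#!/bin/sh
# audit_tree DIR [OWNER]
#
# Lists every path under DIR (DIR itself included) that breaks the rule
# "owned by OWNER and not writable by anyone else". OWNER defaults to root.
#
# Exit status: 0 = tree is clean
#              1 = at least one offending path was printed
#              2 = DIR is not a directory
#
# Usage on a mail server:  audit_tree /etc/postfix
audit_tree() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "audit_tree: $dir: not a directory" >&2
        return 2
    fi

    # A path is reported when either:
    #   - it is not owned by OWNER, or
    #   - it has the group-write (020) or other-write (002) bit set.
    # Symbolic links are excluded from the mode test because their own
    # mode bits are reported as 0777 on most systems and carry no meaning;
    # their ownership is still checked.
    findings=$(find "$dir" \( ! -user "$owner" \
        -o \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print)

    if [ -z "$findings" ]; then
        return 0
    fi

    printf '%s\n' "$findings"
    return 1
}
```

Mode 644 and mode 640 with group postfix both pass this check, since neither grants write access to group or other.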