On Sep 6, 2013, at 04:39, LuKreme <krem...@kreme.com> wrote: > All the files in /etc/postfix are 1) owned by root and 2) marked with 644 > permissions. > > I'm not sure this is a good idea (though there are no other users who login > to the shell, there are other users who at least in theory could). > > I did chmod 600 and chown postfix the mysql_virtual_*_maps.cf files since > they contain the SQL password for the sql users' database. > > Am I worrying needlessly? Chould I chmod 600 and chown postfix all of > /etc/postfix?
We generally use a subdirectory within '/etc/postfix' to store all 'custom' files such as maps and the like, and restrict the permissions on that directory and its contents. This also offers a measure of protection in case a distribution package overwrites a default file for whatever reason. HTH, Joni
