Alex:
> Hi,
>
> I'm working on a front-end to modify our main.cf and other config
> files, such as the transport and relay_recips file and want to be sure
> I'm doing it securely.
>
> Postfix complains if the files are not owned by root, but I don't want
> the script to have to run as root. What is the most secure way to do
> this?
>
> Perhaps passwordless sudo with the explicit ability to act on these
> files and reload/restart postfix? Is it okay to create a backup
> directory in /etc/postfix that's owned by this script user?

Postfix requires that config files are not writable by users. If a non-root user can change the Postfix configuration, then that user has root privileges over your system. The user may not know how, but at this point all that remains is just security by obscurity.

Wietse
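
An added example, not part of the original thread and not Postfix's own code: a Python audit that lists every entry under a configuration tree that is not owned by the trusted uid or is writable by group or other. The function names and the constructed demo tree are assumptions; directories are checked as well as files, because whoever can write a directory can replace the files inside it.

```python
import os
import stat
import tempfile

def audit_config_tree(root, trusted_uid=0):
    """Return sorted (path, reason) findings for entries a non-trusted user could change."""
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinked dirs
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in paths:
        st = os.lstat(path)  # lstat: judge the link itself, not its target
        if st.st_uid != trusted_uid:
            findings.append((path, f"owned by uid {st.st_uid}"))
        # Symlink mode bits are not meaningful on Linux, so skip the mode test for them.
        if not stat.S_ISLNK(st.st_mode) and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "writable by group or other"))
    return sorted(findings)

def demo():
    """Build a constructed tree (not a real /etc/postfix) and audit it."""
    me = os.getuid()  # stands in for root so the demo runs unprivileged
    with tempfile.TemporaryDirectory() as top:
        main_cf = os.path.join(top, "main.cf")
        with open(main_cf, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(main_cf, 0o644)
        backup = os.path.join(top, "backup")
        os.mkdir(backup)
        os.chmod(backup, 0o775)  # group-writable directory inside the config tree
        return [(os.path.relpath(p, top), r) for p, r in audit_config_tree(top, me)]

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

On a real system the call would be `audit_config_tree("/etc/postfix")` with the default `trusted_uid=0`; an empty list means no entry in the tree is owned or writable by anyone other than root.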