Alex wrote:
> I'm working on a front-end to modify our main.cf and other config
> files, such as the transport and relay_recips file

Hmm... A front-end? Should we assume this is a web UI frontend? Because although most of us use $EDITOR for those files the official frontend is "postconf" for it. If you have to ask then you should definitely use postconf to edit those files.

> and want to be sure I'm doing it securely.

I would like to say something useful here. But other than saying that then you should do it securely I am at a loss for a suggestion. "Then you should do it securely."

> Postfix complains if the files are not owned by root, but I don't want
> the script to have to run as root. What is the most secure way to do
> this?

Should we assume that you are writing a web UI? The web UI is running as the www-data user. It's written in WordPress or another popular PHP framework. This framework itself is likely one that has deep security vulnerabilities posted every other week. You would like to make the files owned by www-data so that the web UI can edit those files directly. But Postfix then is warning about the situation. Is this what we should assume?

If this is not what we should assume then the only way we might know anything is if you tell us what you are doing.

Note that just because a process does not run as a root privilege process does not mean that it is more secure than one that does. Security is composed of the entire system of layers all working together. Pulling a very small piece of something out of context and focusing on it with the microscope loses the context of the environment in which it exists.

> Perhaps passwordless sudo with the explicit ability to act on these
> files and reload/restart postfix?

Quoting Zathros, "Cannot say. Saying, I would know. Do not know, so cannot say." It all depends upon your use of sudo. One can't say it won't be secure. The devil is in the details.

> Is it okay to create a backup directory in /etc/postfix that's owned
> by this script user?

Extra files and extra directories in /etc/postfix won't be a problem for the running of Postfix if the names do not collide with names that are used by Postfix.

Bob
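An added example, not part of the original thread: one way the sudo idea discussed above could be narrowed, with the unprivileged UI allowed to run only a root-owned helper that validates a single setting and hands it to postconf. The helper path, the allowlist and the accepted character set are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical root-owned helper, e.g. /usr/local/sbin/pf-set (assumed path).
# Assumed sudoers entry, so the UI user never edits /etc/postfix directly:
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/pf-set

# main.cf parameters the UI may change (constructed list for this example).
ALLOWED_PARAMS="relay_domains mynetworks message_size_limit"

# Return 0 only if $1 is an allowlisted parameter name and $2 is a
# non-empty, single-line value built from a conservative character set.
validate_setting() {
    name=$1 value=$2
    # The name must be a plain identifier, so it cannot span several
    # allowlist entries or smuggle in an option or an '=' sign.
    case $name in
        ''|*[!a-z0-9_]*) return 1 ;;
    esac
    case " $ALLOWED_PARAMS " in
        *" $name "*) ;;
        *) return 1 ;;
    esac
    # Rejects newlines, spaces, '$' (Postfix parameter expansion), quotes
    # and shell metacharacters; list values must be comma-separated.
    case $value in
        ''|*[!A-Za-z0-9._:/,-]*) return 1 ;;
    esac
    return 0
}

# Validate, write the setting with postconf, and reload only if the
# resulting configuration passes "postfix check".
apply_setting() {
    validate_setting "$1" "$2" || { echo "rejected: $1" >&2; return 2; }
    postconf -e "$1=$2" && postfix check && postfix reload
}

# Run only when called with arguments: pf-set <parameter> <value>
[ "$#" -eq 0 ] || apply_setting "$@"
```

The sudo rule then grants one command with checked arguments rather than write access to the files, and the files themselves stay owned by root.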