On Sun, Feb 07, 2021 at 02:47:11PM -0500, Wietse Venema wrote:
> Alex:
> > Hi,
> >
> > I'm working on a front-end to modify our main.cf and other config
> > files, such as the transport and relay_recips file and want to be sure
> > I'm doing it securely.
> >
> > Postfix complains if the files are not owned by root, but I don't want
> > the script to have to run as root. What is the most secure way to do
> > this?
> >
> > Perhaps passwordless sudo with the explicit ability to act on these
> > files and reload/restart postfix? Is it okay to create a backup
> > directory in /etc/postfix that's owned by this script user?
>
> Postfix requires that config files are not writable by users.
> If a non-root user can change the Postfix configuration, then that
> user has root privileges over your system. The user may not know
> how, but at this point all that remains is just security by obscurity.
>

Is some sort of sudo access possible, i.e. only the specific users you
want to enable are able to run the script with sudo privilege? The
/etc/sudoers file and associated configuration is somewhat arcane but
actually very flexible in what's possible.

-- Chris Green
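
One way to scope the sudo access discussed in this thread, as an added example that is not part of the original messages: a root-owned wrapper that is the only command the front-end account may run through sudo. It accepts only the transport and relay_recips tables named in the question and leaves main.cf out, since per the quoted reply a user who can change the Postfix configuration has root privileges. The account name `webcfg`, the script path, and the assumption that both files are postmap-indexed tables are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed sudoers entry, edited with
# visudo; the account name and script path are hypothetical:
#   webcfg ALL=(root) NOPASSWD: /usr/local/sbin/postfix-table-update
# The script must be root-owned and writable by nobody else.
# Usage: sudo /usr/local/sbin/postfix-table-update transport < new-contents
CONF_DIR=/etc/postfix

# Map a table name to its path. Only fixed names are accepted, so main.cf,
# "../main.cf" or an absolute path can never be selected.
target_for() {
    case "$1" in
        transport|relay_recips) printf '%s/%s\n' "$CONF_DIR" "$1" ;;
        *) return 1 ;;
    esac
}

# Succeed only if every line is blank, a comment, or "key value" made of
# printable ASCII. Continuation lines (leading whitespace) are rejected.
validate_table() {
    [ -f "$1" ] || return 1
    ! LC_ALL=C grep -Evq \
        '^(#.*|[[:space:]]*|[!-~]+[[:blank:]]+[!-~]+)$' "$1"
}

main() {
    [ "$#" -eq 1 ] || { echo "usage: $0 TABLE < new-contents" >&2; return 2; }
    dest=$(target_for "$1") || { echo "table not allowed: $1" >&2; return 1; }
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    # Copy stdin into a root-owned 0600 file first and validate that copy, so
    # the caller cannot change the content between the check and the install.
    cat > "$tmp"
    if validate_table "$tmp" && chmod 0644 "$tmp" && mv "$tmp" "$dest"; then
        # Assumes the file is an indexed table that needs postmap.
        postmap "$dest" && postfix check && postfix reload
    else
        rm -f "$tmp"
        echo "rejected: invalid table content" >&2
        return 1
    fi
}

# Run only when invoked with arguments, so the functions can also be sourced.
[ "$#" -eq 0 ] || main "$@"
```

Reading the new contents from standard input means the privileged process never opens a path chosen by the unprivileged caller.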