On 07 Feb 2021, at 08:54, Alex <[email protected]> wrote:
> I'm working on a front-end to modify our main.cf and other config
> files, such as the transport and relay_recips file and want to be sure
> I'm doing it securely.

Use a tool like Webmin¹. It is, in my opinion, a very very bad idea, but the way to do this outside of an admin shell session is through an admin panel. For user management, including admin access to hosted domains, a tool like postfixadmin seems to work pretty well. That said, if you have an admin interface like webmin or postfixadmin you need to be very conscious of keeping these tools up-to-date as they are frequent targets of attack.

> Postfix complains if the files are not owned by root, but I don't want
> the script to have to run as root. What is the most secure way to do
> this?

Definitely not via an automated script that takes user submission and changes your mail config. Even allowing access to files that you may think are OK (virtual or aliases, perhaps?) can be disastrous.

> Perhaps passwordless sudo with the explicit ability to act on these
> files and reload/restart postfix? Is it okay to create a backup
> directory in /etc/postfix that's owned by this script user?

I wonder what changes you need to make so frequently. Whatever they are, stop and reconsider. There is no scenario where allowing users to alter your mail config could be considered secure.

I do have one script that generates a postfix config file, but it is entirely automated and writes a daily bcc file. Even though it is very simple, I ran it by this list in case I'd overlooked something very stupid. It's been running for over 4 years now so I'm /relatively/ confident there's nothing wrong with it.

¹ I am not specifically recommending webmin, I do not run it and I would not run it as I prefer accessing my server via ssh with a key exchange which can only be duplicated if someone gets my private key file off my home machine, or if someone can login to the console on-site as me.

-- 
"Are you pondering what I'm pondering?"
"I think so, Brain, but shouldn't the bat boy be wearing a cape?"
