On 31/01/22 07:36, Wietse Venema wrote:
Viktor Dukhovni:
So I was wondering whether the directory currently named "public" should
remain (permission-wise) protected, with the new (permission-wise)
unprotected directly named something else?
It could become mode 755, with dedicated per-app subdirectories and
custom permissions.
Hi Wietse & Viktor.
Apologies for being late to the party, but what you discussed above is
exactly what I am using currently. The reason I can do this — i.e. in
the absence of the proposed "x" value for the private field in master.cf
— is because none of the services I'm doing this with are defined in
master.cf. In other words, the relevant sockets are created by other
processes. So while I don't need the feature you've described, I just
wanted to let you know that I think it sounds like a good one.
BTW The name I'm using for the 'new (permission-wise) unprotected
directory' is "external", which incidentally fits perfectly with the
design you proposed where "x" is used in master.cf. :-)
root@mail:/var/spool/postfix# find external -ls
15076724 4 drwxr-xr-x 3 root root 4096 Jul 25 2021 external
15076729 4 drwxr-x--- 2 dovecot postfix 4096 Feb 1 21:00
external/dovecot
15073313 0 srw-rw---- 1 dovecot postfix 0 Feb 1 21:00
external/dovecot/auth-dovecot
15073306 0 srw-rw---- 1 dovecot postfix 0 Feb 1 21:00
external/dovecot/lmtp-dovecot
Nick.
