On Mon, Feb 08, 2021 at 03:47:27PM -0500, Alex wrote:
> I still have to consider much of what you've written before I can
> respond, but I wanted to be sure my design was clear here - it's not
> so much that end-users are modifying the config in the same way as
> webmin does, like making changes d
On Mon, 8 Feb 2021, Alex wrote:
> I still have to consider much of what you've written before I can
> respond, but I wanted to be sure my design was clear here - it's not so
> much that end-users are modifying the config in the same way as webmin
> does, like making changes directly to main.cf,
Alex wrote:
> it's not so much that end-users are modifying the config in the same
> way as webmin does, like making changes directly to main.cf, but
> type in the name of a new domain to be added to relay_domains, for
> example. The script then then modifies main.cf to apply that change.
In that
> > Perhaps passwordless sudo with the explicit ability to act on these
> > files and reload/restart postfix? Is it okay to create a backup
> > directory in /etc/postfix that's owned by this script user?
>
> I wonder what changes you need to make so frequently. Whatever they are, stop
> and recons
On 08 Feb 2021, at 09:44, Michael Ströder wrote:
> On 2/8/21 2:28 PM, @lbutlr wrote:
>> Use a tool like Webmin¹.
>
> IIRC webmin has a long history of security issues.
They all do.
>> It is, in my opinion a very very bad idea,
>
> I don't understand why you recommend something you consider a b
On 2/8/21 2:28 PM, @lbutlr wrote:
> Use a tool like Webmin¹.
IIRC webmin has a long history of security issues.
> It is, in my opinion a very very bad idea,
I don't understand why you recommend something you consider a bad idea.
> For user management, including admin access to hosted
> domains,
On 07 Feb 2021, at 08:54, Alex wrote:
> I'm working on a front-end to modify our main.cf and other config
> files, such as the transport and relay_recips file and want to be sure
> I'm doing it securely.
Use a tool like Webmin¹. It is, in my opinion a very very bad idea, but the way
to do this
On Sun, Feb 07, 2021 at 03:26:29PM -0500, Alex wrote:
> > Quoting Zathros, "Cannot say. Saying, I would know. Do not know, so
> > cannot say." It all depends upon your use of sudo. One can't say it
> > won't be secure. The devil is in the details.
>
> I figured that if main.cf was owned by r
Alex wrote:
> Yes, it's a web front-end, using apache and php-fpm.
> It's written using laravel and PHP.
It relieves me (Whew!) that it is not using WP which historically has
had deep security vulnerabilities quite often. And therefore in the
situation you are proposing would be a likely stepping
On Sun, Feb 07, 2021 at 02:47:11PM -0500, Wietse Venema wrote:
> Alex:
> > Hi,
> >
> > I'm working on a front-end to modify our main.cf and other config
> > files, such as the transport and relay_recips file and want to be sure
> > I'm doing it securely.
> >
> > Postfix complains if the files are
Hi,
> > I'm working on a front-end to modify our main.cf and other config
> > files, such as the transport and relay_recips file
>
> Hmm... A front-end? Should we assume this is a web UI frontend?
> Because although most of us use $EDITOR for those files the official
> frontend is "postconf" for
Alex wrote:
> I'm working on a front-end to modify our main.cf and other config
> files, such as the transport and relay_recips file
Hmm... A front-end? Should we assume this is a web UI frontend?
Because although most of us use $EDITOR for those files the official
frontend is "postconf" for it.
Alex:
> Hi,
>
> I'm working on a front-end to modify our main.cf and other config
> files, such as the transport and relay_recips file and want to be sure
> I'm doing it securely.
>
> Postfix complains if the files are not owned by root, but I don't want
> the script to have to run as root. What
Hi,
I'm working on a front-end to modify our main.cf and other config
files, such as the transport and relay_recips file and want to be sure
I'm doing it securely.
Postfix complains if the files are not owned by root, but I don't want
the script to have to run as root. What is the most secure way
14 matches
Mail list logo
