Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Postfix master without root permissions - possible?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Jacekalex
Guru
Guru


Joined: 17 Sep 2009
Posts: 489

PostPosted: Wed Jul 03, 2013 5:53 am    Post subject: Postfix master without root permissions - possible? Reply with quote

Hi

Is it possible and how to do that, Postfix - master process did not need root privileges, and worked as a user postfix.
Access to ports 25, 465 and 587 does not require root privileges if the program have CAP_NET_BIND_SERVICE capabilities.
Capabilites for the program can be added for commands setcap, for example:
Code:
setcap cap_net_bind_service+ep  {binary}


I would thus deprive postfix root privileges, which does not need an entire server, mail supplies by dovecot-lmtp socket.
How to configure postfix to make it work, if the command Postfix start automatically raises the master process as root?

For example Apache does not have a big problem:
http://wiki.apache.org/httpd/NonRootPortBinding

About Capabilities:
https://wiki.archlinux.org/index.php/Using_File_Capabilities_Instead_Of_Setuid
https://www.gentoo.org/proj/en/hardened/capabilities.xml

Cheers
8)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum