chroot

chroot

James Devine-2
I am setting up several postfix 2.5.1-2ubuntu1 servers on an ubuntu installation in conjunction with Cyrus SASL.  The libsasl client linked to postfix is not able to access the mux file for saslauthd unless master.cf is set unchrooted by setting the chroot column to 'n'.  Set like this, it authenticates but I get an error 'unknown service: smtp/tcp' which seems like the server is chrooted, and if I configure the queue directory with the usr, etc and lib directories it works.  Any idea why it seems to be chrooted?


Re: chroot

Brian Evans - Postfix List
James Devine wrote:
> I am setting up several postfix 2.5.1-2ubuntu1 servers on an ubuntu
> installation in conjunction with Cyrus SASL.  The libsasl client
> linked to postfix is not able to access the mux file for saslauthd
> unless master.cf is set unchrooted by setting the
> chroot column to 'n'.  Set like this, it authenticates but I get an
> error 'unknown service: smtp/tcp' which seems like the server is
> chrooted, and if I configure the queue directory with the usr, etc and
> lib directories it works.  Any idea why it seems to be chrooted?
>
By default, Postfix does not run in chroot. Some "maintainers" feel it's
necessary to turn this on by default.

Start by turning chroot off on all things if possible.

Make sure you 'postfix reload' (this may take a few moments to
propagate).  Or just restart the service totally.

If you have any more issues, see
http://www.postfix.org/DEBUG_README.htm#mail

Brian

Re: chroot

James Devine-2
That was it, this package does chroot by default, I had unchrooted smtpd but none of the other processes.  With all processes unchrooted it works fine.  Thanks.

On Wed, Jun 25, 2008 at 11:21 AM, Brian Evans <[hidden email]> wrote:
> James Devine wrote:
>> I am setting up several postfix 2.5.1-2ubuntu1 servers on an ubuntu installation in conjunction with Cyrus SASL.  The libsasl client linked to postfix is not able to access the mux file for saslauthd unless master.cf is set unchrooted by setting the chroot column to 'n'.  Set like this, it authenticates but I get an error 'unknown service: smtp/tcp' which seems like the server is chrooted, and if I configure the queue directory with the usr, etc and lib directories it works.  Any idea why it seems to be chrooted?
>
> By default, Postfix does not run in chroot. Some "maintainers" feel it's necessary to turn this on by default.
>
> Start by turning chroot off on all things if possible.
>
> Make sure you 'postfix reload' (this may take a few moments to propagate).  Or just restart the service totally.
>
> If you have any more issues, see http://www.postfix.org/DEBUG_README.htm#mail
>
> Brian


Re: chroot

mouss-2
In reply to this post by James Devine-2
James Devine wrote:
> I am setting up several postfix 2.5.1-2ubuntu1 servers on an ubuntu
> installation in conjunction with Cyrus SASL.

I always thought that ubuntu was a desktop oriented system. I'll have to
`update myknowledge` :)

>   The libsasl client linked to
> postfix is not able to access the mux file for saslauthd unless master.cf is
> set unchrooted by setting the chroot column to 'n'.

open a bug to annoy your distro packager. these guys took a decision and
they must support its consequences. they can't break a working system
and ask their users to complain to $upstream.

>  Set like this, it
> authenticates but I get an error 'unknown service: smtp/tcp'


cp /etc/services /var/spool/postfix/etc/


> which seems
> like the server is chrooted, and if I configure the queue directory with the
> usr, etc and lib directories it works.  Any idea why it seems to be
> chrooted?
>
>  

it seems chrooted because it is chrooted. Try
$ sudo shoot `package maintainer`

Please file a ubuntu bug and shout until packagers stop cooking their
own fish. if they have patches, they should submit them to the software
developers. just because you know how to run dbuild or gcc doesn't mean
you know how to code an MTA.





Re: chroot

Scott Kitterman-4
On Wed, 25 Jun 2008 22:04:11 +0200 mouss <[hidden email]> wrote:
>James Devine wrote:
>> I am setting up several postfix 2.5.1-2ubuntu1 servers on an ubuntu
>> installation in conjunction with Cyrus SASL.
>
>I always thought that ubuntu was a desktop oriented system. I'll have to
>`update myknowledge` :)
>>   The libsasl client linked to
>> postfix is not able to access the mux file for saslauthd unless master.cf is
>> set unchrooted by setting the chroot column to 'n'.
>
>open a bug to annoy your distro packager. these guys took a decision and
>they must support its consequences. they can't break a working system
>and ask their users to complain to $upstream.

Actually we don't.  I don't know if you've noticed, but I somewhat
regularly point Ubuntu Server users to distro specific mailing lists and
documentation.  Postfix in chroot with SASL working is documented in the
Ubuntu server guide.

Ubuntu gets its Postfix package from Debian where it has been chrooted by
default since approximately forever.  I think that by now we can just agree
to disagree.  It'll take me about 10 seconds to mark the bug won't fix, so
the annoyance factor is low.

If you don't care to support this distro specific change, instead of rants
like the above, just let it rest or point them at
[hidden email].  I try to answer the Ubuntu specific
questions that come up here, so there is no need to worry that someone will
be left without assistance (I hadn't quite got to this one yet).

>>  Set like this, it
>> authenticates but I get an error 'unknown service: smtp/tcp'
>
>
>cp /etc/services /var/spool/postfix/etc/
>
>
>> which seems
>> like the server is chrooted, and if I configure the queue directory with the
>> usr, etc and lib directories it works.  Any idea why it seems to be
>> chrooted?
>>
>>  
>
>it seems chrooted because it is chrooted. Try
>$ sudo shoot `package maintainer`
>
>Please file a ubuntu bug and shout until packagers stop cooking their
>own fish. if they have patches, they should submit them to the software
>developers. just because you know how to run dbuild or gcc doesn't mean
>you know how to code an MTA.

I don't think Wietse needs a patch if he cared to support chroot by default.

Sometimes distros will come to different decisions than upstream because
they have different concerns.  That doesn't make the packagers inherently
insane.  Please let's just agree to disagree on chroot by default and don't
worry about supporting it if you don't care to.

Scott K

Re: chroot

mouss-2
Scott Kitterman wrote:

>>>  
>>>      
>> open a bug to annoy your distro packager. these guys took a decision and
>> they must support its consequences. they can't break a working system
>> and ask their users to complain to $upstream.
>>    
>
> Actually we don't.  I don't know if you've noticed, but I somewhat
> regularly point Ubuntu Server users to distro specific mailing lists and
> documentation.

sorry, I missed that. Now I know :)

>  Postfix in chroot with SASL working is documented in the
> Ubuntu server guide.
>
> Ubuntu gets its Postfix package from Debian where it has been chrooted by
> default since approximately forever.  I think that by now we can just agree
> to disagree.  It'll take me about 10 seconds to mark the bug won't fix, so
> the annoyance factor is low.
>  

I think that if ubuntu cancels this choice, it may help convince
debian to do the same.
BTW Is there any chance to get debian to use postfix as the default MTA?

> If you don't care to support this distro specific change, instead of rants
> like the above, just let it rest or point them at
> [hidden email].  I try to answer the Ubuntu specific
> questions that come up here, so there is no need to worry that someone will
> be left without assistance (I hadn't quite got to this one yet).
>  

Please accept my apologies.

>
>
> I don't think Wietse needs a patch if he cared to support chroot by default.
>
> Sometimes distros will come to different decisions than upstream because
> they have different concerns.  That doesn't make the packagers inherently
> insane.  Please let's just agree to disagree on chroot by default and don't
> worry about supporting it if you don't care to.
>  

chroot is nice, but it's not that easy. If the packagers put in enough
effort to make it easy, I'd applaud. but this takes time and effort.
so in the meantime, I "suggest" keeping things as easy as possible. or
maybe providing a script to switch between chrooted and not chrooted
setups?
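
Added example, not part of any post in this thread: a small audit of the master.cf chroot column, covering the case above where smtpd was unchrooted but the other services were not, plus a check for the etc/services copy under the queue directory. The sample master.cf is constructed, the function names are hypothetical, and a '-' in the chroot column is assumed to mean the built-in default ('y' before Postfix 3.0, 'n' from 3.0 on).

```python
import os

# Constructed sample master.cf (not from the thread). Columns:
# service type private unpriv chroot wakeup maxproc command
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
rewrite   unix  -       -       -       -       -       trivial-rewrite
smtp      unix  -       -       y       -       -       smtp
local     unix  -       n       n       -       -       local
"""


def parse_master_cf(text):
    """Return (service, type, chroot, command) for each logical line."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the entry
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        fields = line.split()
        if len(fields) >= 8:
            entries.append((fields[0], fields[1], fields[4], fields[7]))
    return entries


def chrooted_services(text, default_chroot="y"):
    """List "service/type" entries that run chrooted ('-' uses default_chroot)."""
    return [f"{svc}/{typ}" for svc, typ, chroot, _cmd in parse_master_cf(text)
            if (default_chroot if chroot == "-" else chroot) == "y"]


def missing_chroot_files(queue_dir, needed=("etc/services",)):
    """Files a chrooted daemon needs that are absent under queue_dir."""
    return [p for p in needed if not os.path.isfile(os.path.join(queue_dir, p))]


if __name__ == "__main__":
    print("chrooted:", chrooted_services(SAMPLE_MASTER_CF))
    print("missing:", missing_chroot_files("/var/spool/postfix"))
```

In the sample, the smtp/inet line (smtpd) is unchrooted while smtp/unix (the delivery client) is still chrooted, which is the kind of partial change that leaves a service lookup failing inside the chroot.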