warnings about symlinks in /etc/postfix/

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

warnings about symlinks in /etc/postfix/

A. Schulze

Hello,

I use to have symlinks in /etc/postfix to include files from other  
sources while building
the local configuration. Since longer time I notice warnings from  
postfix-script every
time I install a new postfix version.

# postfix check
postfix/postfix-script: warning: group or other writable:  
/etc/postfix/./config/symlink

# postconf mail_version
mail_version = 2.12-20141106
(Linux)

these are the current permissions:

# ls -ld /etc/postfix /etc/postfix/config
drwxr-xr-x 4 root root 4096 Nov 20 08:10 /etc/postfix
drwxr-xr-x 2 root root 4096 Nov  4 23:36 /etc/postfix/config

# ls -la /etc/postfix/config/symlink
lrwxrwxrwx 1 root root 48 Jul 25  2012 /etc/postfix/config/symlink ->  
../../../myconfdir/myconffile

# ls -ld /myconfdir
drwxr-xr-x 2 root root 4096 Nov 20 08:10 /myconfdir

# ls -la /myconfdir/myconffile
-rw-r--r-- 1 root root 905 Nov 12 17:23 /myconfdir/myconffile

I tested I'm not able to delete or touch any of these  
filesystemobjects as unprivileged user.
I dislike to ignore the warning but would have no warning at all. Must  
my setup be modified or
could postfix/postfix-script be enhanced in some way. Or is the  
symlink at all dangerous?

Andreas

Reply | Threaded
Open this post in threaded view
|

Re: warnings about symlinks in /etc/postfix/

Wietse Venema
A. Schulze:
>
> Hello,
>
> I use to have symlinks in /etc/postfix to include files from other  
> sources while building
> the local configuration. Since longer time I notice warnings from  

That is not supported. Postfix config files must be writable only
by root, and must be in $config_directory which must be writable
only by root.

        Wietse