Subject: Re: postfix, chroot, and rc.d
To: Cheese Lottery <cheeselottery@gmail.com>
From: Luke Mewburn <lukem@NetBSD.org>
List: netbsd-users
Date: 04/26/2005 11:37:25
On Sun, Apr 24, 2005 at 10:16:31AM -0700, Cheese Lottery wrote:
| I see that in /etc/rc.d/syslogd, syslogd_precmd looks for rc.d scripts
| that have the 'chrootdir' keyword set to figure out which sockets it
| will create. This is how ntpd_chrootdir and named_chrootdir work,
| right?
|
| /etc/rc.d/postfix doesn't have the chrootdir keyword, so setting
| postfix_chrootdir doesn't work. I added
|
| KEYWORD: chrootdir
|
| to /etc/rc.d/postfix and added
|
| postfix_chrootdir="/var/spool/postfix"
|
| to rc.conf. Restarting syslogd, it seems to create
| /var/spool/postfix/var/run/log just fine. Are there any problems with
| what I have done?
That should suffice, at least for rc.d/syslogd to do the right
thing.
| Off the top of my head, postfix_chrootdir doesn't work like
| ntpd_chrootdir or named_chrootdir because postfix's master.cf still
| needs to be edited in order to run the daemons under chroot. Since
| it doesn't "just work," I guess it is not appropriate?
You'll have to add special magic to rc.d/postfix to support
postfix_chrootdir in the appropriate fashion, just like
rc.d/ntpd and rc.d/ntpd do.
| I'm also thinking about just adding to syslogd_flags in rc.conf, since
| that works just as well, even if it does not take advantage of
| /etc/rc.d/syslogd's magic. I also figure I am less likely to
| accidentally wipe out changes to rc.conf than a script under
| /etc/rc.d/*
Yes, the problem with modifying /etc/rc.d/postfix is that the next
run of "postinstall fix rc.d" will overwrite that.
You could locally modify src/etc/rc.d/postfix.
Alternatively, a new implementation of postfix_precmd() in
/etc/rc.conf.d/postfix could work, but you won't be able to set the
chrootdir KEYWORD that way (yet -- see below).
If you come up with a clean solution for src/etc/rc.d/postfix you could
always send-pr it for integration into NetBSD's rc.d/postfix.
BTW: this raises a meta issue about more easily allowing end-user
overrides of rcorder keywords in rc.d scripts. I have an idea how
to solve this, which I should post about separately when I get a
chance.
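The mechanism the thread is relying on, as an added illustration that is not NetBSD's own rc.d/syslogd code: a scan of rc.d-style scripts for the `chrootdir` KEYWORD, paired with the matching `<name>_chrootdir` setting from rc.conf, producing one `-p <chroot>/var/run/log` socket flag per chrooted daemon. The script names, chroot paths and rc.conf contents in `demo` are constructed; the function names `chroot_log_flags` and `demo` are mine; it uses `grep` on the KEYWORD line in place of `rcorder -k chrootdir`, and assumes syslogd accepts repeated `-p` log-socket flags as NetBSD's does.

```shell
#!/bin/sh
# Added illustration, not NetBSD's rc.d/syslogd. Mirrors how a chrootdir
# KEYWORD in a script plus <name>_chrootdir in rc.conf turns into syslogd
# -p flags, so each chrooted daemon gets its own /var/run/log socket.

# chroot_log_flags RCDIR RCCONF
# Prints the extra syslogd flags for every script in RCDIR that carries the
# chrootdir keyword AND whose <name>_chrootdir is set in RCCONF.
# Example result: "-p /var/spool/postfix/var/run/log"
chroot_log_flags() {
    rcdir=$1
    rcconf=$2
    flags=""
    for script in "$rcdir"/*; do
        [ -f "$script" ] || continue
        # Only scripts declaring the keyword take part (what "rcorder -k
        # chrootdir" selects on a real system).
        grep -q '^# KEYWORD:.*chrootdir' "$script" || continue
        name=${script##*/}
        # Source rc.conf in a subshell so its assignments cannot clobber
        # our own variables, then read <name>_chrootdir out of it.
        dir=$( . "$rcconf"; eval "printf '%s' \"\$${name}_chrootdir\"" )
        [ -n "$dir" ] || continue
        flags="$flags -p $dir/var/run/log"
    done
    printf '%s\n' "${flags# }"
}

# demo: builds a throwaway rc.d directory and rc.conf (all constructed),
# runs the scan, and prints the resulting flags.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/rc.d"
    # Stand-ins for rc.d scripts; only the KEYWORD line matters here.
    printf '#!/bin/sh\n# KEYWORD: chrootdir\n' > "$tmp/rc.d/named"
    printf '#!/bin/sh\n# KEYWORD: chrootdir\n' > "$tmp/rc.d/ntpd"
    # The keyword line the poster added to rc.d/postfix.
    printf '#!/bin/sh\n# KEYWORD: chrootdir\n' > "$tmp/rc.d/postfix"
    # No chrootdir keyword: sshd_chrootdir below must be ignored.
    printf '#!/bin/sh\n# KEYWORD: shutdown\n' > "$tmp/rc.d/sshd"
    # Constructed rc.conf: named_chrootdir deliberately left unset.
    cat > "$tmp/rc.conf" <<'EOF'
ntpd_chrootdir="/var/chroot/ntpd"
postfix_chrootdir="/var/spool/postfix"
sshd_chrootdir="/var/chroot/sshd"
EOF
    chroot_log_flags "$tmp/rc.d" "$tmp/rc.conf"
    rm -rf "$tmp"
}

demo
```

Two cases in `demo` show why both halves are needed: `named` has the keyword but no `named_chrootdir`, so no socket is created for it, and `sshd_chrootdir` is set but rc.d/sshd lacks the keyword, so it is ignored; only ntpd and postfix yield `-p` flags.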