gabriel rosenkoetter on Wed, 6 Nov 2002 09:17:04 -0500
On Wed, Nov 06, 2002 at 08:48:20AM -0500, Keith Bentrup wrote:
> friend, i cp'd /etc/passwd to /var/spool/postfix/etc and reloaded
> postfix ... that worked, but it also means that postfix was getting
> the list of current users from somewhere else, and i don't know
> why that file wasn't updated using useradd ... if anyone knows, i
> would appreciate the info so i can track down this problem more :)

You've got Postfix in a chroot(2) environment. useradd(8)'s a simple
program; it only knows about basic Unix authentication, which revolves
around /etc/passwd and /etc/shadow.[1]

You *could* make /var/spool/postfix/etc/passwd a symlink to /etc/passwd,
but then you've violated the security model of the chroot(2)
environment. (A clever attacker who gains control of the daemon within
the chroot(2) environment can get access to nothing but what's in that
environment if you don't provide him a way out of it... but a symlink
is a way out if you're especially clever.)

What operating system and whose distribution are you running? Are you
sure there isn't a flag to useradd to tell it another (or a list of
other--you may want to have other daemons in this kind of a jail)
passwd files? If there isn't, it's worth filing a bug report (probably
under the "feature request" category, or similar).

Note that you can also easily wrap useradd with a shell script.
Something like:

    #!/bin/sh
    # Pass every argument through to the real useradd, quoted as given.
    useradd "$@"
    # Refresh the copy of passwd inside Postfix's chroot.
    cp /etc/passwd /var/spool/postfix/etc

should suffice.

[1] Note that useradd(8) also doesn't let you do things like provide a
    valid SSH public key for the user and install that properly for
    you, nor does it know about any NIS maps if you're using them. It'd
    perhaps be a Bad Idea to expand it to do so; it does a simple job,
    and does it well. Complicating the job it does may well make it
    less useful.

-- 
gabriel rosenkoetter
gr@eclipsed.net
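
Added example (not part of the original message): a version of the copy step the wrapper performs, written so that it refuses to write through a symlink at the jail's etc/passwd and replaces the file atomically. The function name sync_chroot_passwd and the status words it prints are this example's own; the paths in the usage comment are the ones from the message.

```shell
#!/bin/sh
# Added example: keep a chroot jail's etc/passwd in step with the real file.
# sync_chroot_passwd and its status words are hypothetical names.

# sync_chroot_passwd SRC JAIL
#   Prints "updated", "unchanged" or "refused".
#   Returns non-zero when it refuses or when the copy fails.
sync_chroot_passwd() {
    src=$1
    jail=$2
    dst=$jail/etc/passwd

    # A symlink at etc or etc/passwd leads out of the jail, which is the
    # situation the message warns against. Do not write through it.
    if [ -L "$jail/etc" ] || [ -L "$dst" ]; then
        echo refused
        return 1
    fi

    # The source file and the jail's etc directory must both exist.
    [ -f "$src" ] && [ -d "$jail/etc" ] || { echo refused; return 1; }

    # Nothing to do when the jail copy already matches.
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        echo unchanged
        return 0
    fi

    # Copy to a temporary file in the same directory, then rename it into
    # place, so the daemon never reads a half-written passwd file.
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    if cp "$src" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dst"; then
        echo updated
    else
        rm -f "$tmp"
        return 1
    fi
}

# Wrapper use, with the paths from the message:
#   useradd "$@" && sync_chroot_passwd /etc/passwd /var/spool/postfix
```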