> On Mar 6, 2024, at 16:52, Wietse Venema via Postfix-users > <postfix-users@postfix.org> wrote: > > Alex via Postfix-users: >> Hi, >> I have a few postfix systems on fedora38 with nearly identical >> configurations. I'd like to be able to push changes to them from a third >> system without having to login to them directly to do so. What's the >> best/most secure way to do this? >> >> For example, I'd like to push the recipient access file to both systems >> since they both relay mail for the same domains. Currently I'm doing this >> with rsync/ssh as root but would like to use a regular user. > > rsync renames files into place. That is good, because there is no > risk that it overwrites a file while some program reads from it. > > But if an unprivileged user can replace files in /etc/postfix, they > they are root equivalent. That is not the improvement that you > appear to be looking for. > > Maybe you can use a pull model instead, like curl and a REST server.
This is a solved problem, using tools like ansible, chef, or puppet. Puppet specifically can be configured to do periodic pulls without having to login. -Dan _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
