Dan Mahoney via Postfix-users wrote in
 <56abb6d4-e690-4f94-aadb-2f646a6d1...@prime.gushi.org>:
 |> On Mar 6, 2024, at 16:52, Wietse Venema via Postfix-users <postfix-users@postfix.org> wrote:
 |> Alex via Postfix-users:
 |>> Hi,
 |>> I have a few postfix systems on fedora38 with nearly identical
 |>> configurations. I'd like to be able to push changes to them from a third
 |>> system without having to login to them directly to do so. What's the
 |>> best/most secure way to do this?
 |>> 
 |>> For example, I'd like to push the recipient access file to both systems
 |>> since they both relay mail for the same domains. Currently I'm doing this
 |>> with rsync/ssh as root but would like to use a regular user.
 |> 
 |> rsync renames files into place. That is good, because there is no
 |> risk that it overwrites a file while some program reads from it.
 |> 
 |> But if an unprivileged user can replace files in /etc/postfix, they
 |> are root equivalent. That is not the improvement that you
 |> appear to be looking for.
 |> 
 |> Maybe you can use a pull model instead, like curl and a REST server.
 |
 |This is a solved problem, using tools like ansible, chef, or puppet.
 |Puppet specifically can be configured to do periodic pulls without
 |having to login.

I use git for all that.  Plus some hooks/scripts.
Special repo with a special post-receive hook would surely do your
specific use case.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
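
An added example, not code from anyone in this thread: the privileged side of a pull model (or of a post-receive hook) that accepts only a narrowly validated recipient access file and renames it into place, so readers see either the old or the new file, never a partial one. The function names, the key pattern and the policy of allowing only `OK` and `REJECT` actions are assumptions made for the illustration.

```python
import os
import re
import tempfile

# Assumption: local policy for this example allows only these access(5) actions.
ALLOWED_ACTIONS = {"OK", "REJECT"}
# Assumption: keys are full addresses or bare domains.
KEY_RE = re.compile(r"^[A-Za-z0-9._%+-]*@?[A-Za-z0-9.-]+$")


def validate_access(text):
    """Return a list of (line_no, reason) for lines outside the policy."""
    errors = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if line[0] in " \t":
            errors.append((no, "continuation lines not allowed"))
            continue
        parts = stripped.split(None, 1)
        if len(parts) != 2:
            errors.append((no, "expected 'key action'"))
        elif not KEY_RE.match(parts[0]):
            errors.append((no, "unexpected key"))
        elif parts[1].split()[0].upper() not in ALLOWED_ACTIONS:
            errors.append((no, "action not allowed"))
    return errors


def install_access(staged_text, dest_path):
    """Validate, then write a temp file beside dest_path and rename it in."""
    errors = validate_access(staged_text)
    if errors:
        return errors  # destination is left untouched
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=".access.")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(staged_text)
            f.flush()
            os.fsync(f.fileno())
        os.chmod(tmp, 0o644)
        os.replace(tmp, dest_path)  # atomic rename: old file or new, never half
    except BaseException:
        os.unlink(tmp)
        raise
    return []
```

The unprivileged account only delivers the staged text; this step runs with the rights to write the destination directory. An indexed table (`hash:`, `lmdb:`) still needs `postmap` run on the installed file.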
