On Thu, Sep 24, 2020 at 11:50:19AM -0500, deoren wrote: > Postfix + SQLite lookup tables shared with external applications in > Write-Ahead Logging (WAL) mode
SQLite with WAL mode is a multi-file database, in which some of the files are opened and closed as you go. Postfix does not support this. You can use single-file SQLite databases, but not WAL. If you want a real database, you need Postgres or MySQL. > Ultimately, the fix appears to be to set the owner of the containing > directory and the SQLite database files to "postfix". What I don't > understand is _why_ this is the fix. I expect it is likely something > very basic that I am overlooking. As Wietse notes, Postfix drops privileges after opening tables, but this does not work with SQLite in WAL mode. On Thu, Sep 24, 2020 at 01:43:05PM -0400, Wietse Venema wrote: > Postfix local(8) opens the sqlite map while it still runs as root, > and that file handle should work after the process changes privileges. > I suspect that something is interfering with UNIX permissions model, > maybe selinux or apparmor. No, just WAL mode means that we haven't opened all the files that might later be needed. -- Viktor.