On Thu, Sep 24, 2020 at 11:50:19AM -0500, deoren wrote:

> Postfix + SQLite lookup tables shared with external applications in 
> Write-Ahead Logging (WAL) mode

SQLite with WAL mode is a multi-file database, in which some of the
files are opened and closed as you go.  Postfix does not support this.
You can use single-file SQLite databases, but not WAL.  If you want
a real database, you need Postgres or MySQL.

> Ultimately, the fix appears to be to set the owner of the containing 
> directory and the SQLite database files to "postfix". What I don't 
> understand is _why_ this is the fix. I expect it is likely something 
> very basic that I am overlooking.

As Wietse notes, Postfix drops privileges after opening tables, but
this does not work with SQLite in WAL mode.

On Thu, Sep 24, 2020 at 01:43:05PM -0400, Wietse Venema wrote:

> Postfix local(8) opens the sqlite map while it still runs as root,
> and that file handle should work after the process changes privileges.
> I suspect that something is interfering with UNIX permissions model,
> maybe selinux or apparmor.

No, just WAL mode means that we haven't opened all the files that
might later be needed.

-- 
    Viktor.
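
The behaviour described in the message above, as an added example that is not part of the original thread and is not Postfix code: it reads the journal format from the SQLite file header and shows that a WAL-mode database needs its -wal and -shm files created at the first query, not when the handle is opened. The file name aliases.sqlite, the table and its row are constructed for the illustration.

```python
import os
import sqlite3
import tempfile

SIDECARS = ("-shm", "-wal")  # extra files SQLite uses in WAL mode


def journal_format(path):
    """Return 'wal' or 'rollback' from bytes 18-19 of the SQLite header."""
    with open(path, "rb") as f:
        header = f.read(20)
    if len(header) < 20 or header[:16] != b"SQLite format 3\x00":
        raise ValueError(f"{path}: not a SQLite 3 database")
    # File format write/read version: 1 = rollback journal, 2 = WAL.
    return "wal" if 2 in (header[18], header[19]) else "rollback"


def sidecar_files(path):
    """List which WAL sidecar files currently exist next to the database."""
    return sorted(s for s in SIDECARS if os.path.exists(path + s))


def demo():
    workdir = tempfile.mkdtemp()
    db = os.path.join(workdir, "aliases.sqlite")  # constructed sample table

    # An external application creates the table in WAL mode.
    writer = sqlite3.connect(db)
    writer.execute("PRAGMA journal_mode=WAL")
    writer.execute("CREATE TABLE alias (name TEXT PRIMARY KEY, target TEXT)")
    writer.execute("INSERT INTO alias VALUES ('root', 'admin@example.com')")
    writer.commit()
    writer.close()  # last connection: WAL is checkpointed, sidecars removed
    after_close = sidecar_files(db)

    # A reader opens its handle first (where a daemon would still be root)...
    reader = sqlite3.connect(db)
    after_open = sidecar_files(db)  # only the main file has been opened

    # ...and the first lookup has to create and open -wal and -shm in the
    # containing directory, using whatever privileges the process has then.
    reader.execute("SELECT target FROM alias WHERE name = 'root'").fetchone()
    after_query = sidecar_files(db)
    reader.close()
    return journal_format(db), after_close, after_open, after_query


if __name__ == "__main__":
    print(demo())
```

Running journal_format() over the files behind each sqlite: table shows which ones are in WAL mode before they are put behind a process that changes privileges after opening them.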
