On Thu, Sep 24, 2020 at 11:50:19AM -0500, deoren wrote:

> Postfix + SQLite lookup tables shared with external applications in
> Write-Ahead Logging (WAL) mode

SQLite with WAL mode is a multi-file database, in which some of the
files are opened and closed as you go. Postfix does not support this.
You can use single-file SQLite databases, but not WAL. If you want
a real database, you need Postgres or MySQL.

> Ultimately, the fix appears to be to set the owner of the containing
> directory and the SQLite database files to "postfix". What I don't
> understand is _why_ this is the fix. I expect it is likely something
> very basic that I am overlooking.

As Wietse notes, Postfix drops privileges after opening tables, but
this does not work with SQLite in WAL mode.

On Thu, Sep 24, 2020 at 01:43:05PM -0400, Wietse Venema wrote:

> Postfix local(8) opens the sqlite map while it still runs as root,
> and that file handle should work after the process changes privileges.
> I suspect that something is interfering with UNIX permissions model,
> maybe selinux or apparmor.

No, just WAL mode means that we haven't opened all the files that
might later be needed.

--
Viktor.
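
The multi-file behaviour described in the message above can be checked on a given table file. The following is an added example, not code from this thread or from Postfix: it reads the journal format from the SQLite header, lists the sidecar files sitting next to the database, and switches a constructed sample database (`lookup.sqlite`, an assumed name) from WAL back to a single-file rollback journal.

```python
import os
import sqlite3
import tempfile

# Files SQLite may create beside the main database file, in the same directory.
SIDECAR_SUFFIXES = ("-journal", "-shm", "-wal")


def journal_format(path):
    """Return 'wal' or 'rollback' from header byte 18 (file format write version)."""
    with open(path, "rb") as fh:
        header = fh.read(20)
    if header[:16] != b"SQLite format 3\x00":
        raise ValueError(f"{path} is not a SQLite 3 database")
    return {1: "rollback", 2: "wal"}.get(header[18], "unknown")


def sidecars(path):
    """List the extra files that currently exist next to the database file."""
    return [s for s in SIDECAR_SUFFIXES if os.path.exists(path + s)]


def demo():
    """Build a constructed WAL database, inspect it, then convert it to single-file."""
    with tempfile.TemporaryDirectory() as workdir:
        db = os.path.join(workdir, "lookup.sqlite")  # constructed sample, assumed name
        conn = sqlite3.connect(db, isolation_level=None)  # autocommit
        conn.execute("PRAGMA journal_mode=WAL").fetchall()
        conn.execute("CREATE TABLE aliases (address TEXT PRIMARY KEY, target TEXT)")
        conn.execute("INSERT INTO aliases VALUES ('postmaster@example.test', 'root')")
        # While a connection is open in WAL mode, the -wal and -shm files exist
        # in the database's directory, created by whichever process opened it.
        in_wal = (journal_format(db), sidecars(db))
        # Switching to DELETE checkpoints the WAL and removes the sidecar files;
        # the setting is stored in the header, so it persists for later openers.
        conn.execute("PRAGMA journal_mode=DELETE").fetchall()
        conn.close()
        after = (journal_format(db), sidecars(db))
    return in_wal, after


if __name__ == "__main__":
    print(demo())
```

Running `journal_format()` and `sidecars()` against a real lookup table shows whether an external application has left it in WAL mode.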