On 9/24/2020 5:16 PM, Viktor Dukhovni wrote:
On Thu, Sep 24, 2020 at 11:50:19AM -0500, deoren wrote:
Postfix + SQLite lookup tables shared with external applications in
Write-Ahead Logging (WAL) mode
SQLite with WAL mode is a multi-file database, in which some of the
files are opened and closed as you go. Postfix does not support this.
You can use single-file SQLite databases, but not WAL. If you want
a real database, you need Postgres or MySQL.
Thank you. I'm new to SQLite (specifically WAL), but I observed just
what you're describing here. I had a Nagios check running under the
Nagios user account, Postfix under its usual account and a cron job
which regenerates the database under another. I was relying on
group-based permissions (all of those user accounts are part of the same
group) to share access with mixed results. As I updated the owner of the
files to reflect "postfix" and changed all steps to run as "postfix",
all visible problems appeared to go away. This was a short time after my
last email to the list.
Ultimately, the fix appears to be to set the owner of the containing
directory and the SQLite database files to "postfix". What I don't
understand is _why_ this is the fix. I expect it is likely something
very basic that I am overlooking.
As Wietse notes, Postfix drops privileges after opening tables, but
this does not work with SQLite in WAL mode.
On Thu, Sep 24, 2020 at 01:43:05PM -0400, Wietse Venema wrote:
Postfix local(8) opens the sqlite map while it still runs as root,
and that file handle should work after the process changes privileges.
I suspect that something is interfering with UNIX permissions model,
maybe selinux or apparmor.
No, just WAL mode means that we haven't opened all the files that
might later be needed.
If I run all tasks under the postfix user account, how likely am I to
run into issues? Thus far it seems to be working, but I've yet to go a
full 6 hours, much less 24 hours.
Thank you for your help.
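
As an added illustration of the multi-file behaviour discussed in this thread (not code from Postfix or from any poster), this Python sketch reads the SQLite file header to tell whether a lookup table is in WAL mode, lists the `-wal` and `-shm` files that appear beside it, and converts it back to a single-file database. The table name, columns and path are constructed sample values.

```python
import os
import sqlite3
import tempfile

MAGIC = b"SQLite format 3\x00"

def journal_format(path):
    """Header bytes 18/19 hold the write/read format versions: 1 = rollback journal, 2 = WAL."""
    with open(path, "rb") as f:
        header = f.read(20)
    if len(header) < 20 or header[:16] != MAGIC:
        raise ValueError(f"{path}: not an SQLite 3 database")
    return "wal" if 2 in (header[18], header[19]) else "rollback"

def sidecar_files(path):
    """Suffixes of the extra files SQLite keeps beside a WAL-mode database."""
    return sorted(s for s in ("-wal", "-shm") if os.path.exists(path + s))

def demo():
    with tempfile.TemporaryDirectory() as workdir:
        db = os.path.join(workdir, "aliases.db")  # constructed sample path
        # isolation_level=None gives autocommit, so the PRAGMAs run outside a transaction.
        writer = sqlite3.connect(db, isolation_level=None)
        writer.execute("PRAGMA journal_mode=WAL")
        writer.execute("CREATE TABLE aliases (address TEXT PRIMARY KEY, target TEXT)")
        writer.execute("INSERT INTO aliases VALUES ('info@example.com', 'alice')")

        # A second connection stands in for another program sharing the table.
        # Every user of a WAL database needs the sidecar files in its directory,
        # not just the main database file.
        reader = sqlite3.connect(db)
        reader.execute("SELECT target FROM aliases").fetchall()
        during = (journal_format(db), sidecar_files(db))
        reader.close()

        # Leaving WAL mode needs exclusive access: all other connections closed.
        mode = writer.execute("PRAGMA journal_mode=DELETE").fetchone()[0]
        writer.close()
        after = (journal_format(db), sidecar_files(db))
    return during, mode, after

if __name__ == "__main__":
    print(demo())
```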