On 9/25/2020 12:27 PM, Wietse Venema wrote:
> deoren:
>> If I run all tasks under the postfix user account, how likely am I to
>> run into issues? Thus far it seems to be working, but I've yet to go a
>> full 6 hours, much less 24 hours.
>
> Don't run non-Postfix programs with Postfix privileges, that
> defeats the purpose of privilege separation.

This is good advice and normally I wouldn't do that.

During earlier testing, I noticed that (as described by Viktor) each
process interacting with the SQLite database in Write-Ahead Logging mode
would create related journal files as their own user id alongside the
SQLite database file. I wasn't concerned initially by this mix of user
ids as I was using a shared user group to permit read/write access to
the database file.

Running a SQLite db regen tool, a Nagios plugin to validate the SQLite
db and Postfix as all the same user account *seemed* to solve the issue.
Since Postfix is the intended consumer of the file, it seemed _less_
risky to use that approach.

Based on advice given (and taken to heart), the db regen tool is now
using the standard "DELETE" journaling mode when regenerating the file
and set to retry a number of times when attempting to rebuild the SQLite
db tables (in a transaction).

I am seeing regen failures due to locked database errors (but not now
logged by Postfix), but the tool is running at a frequency that allows
it to get in a db refresh often enough to still solve the original
problem: keep the local file in sync with the remote database so that
the relay node isn't dependent on the remote database directly. The
Nagios check is also succeeding at validating the SQLite database, so at
the moment everything appears to be working.

I plan to update the configuration so that the Nagios plugin and db
regen tool are once again running as different user accounts, but
haven't gotten that far yet (this is a side project and not a main focus).

Thanks for everyone's feedback, and apologies if this is too lengthy. I
didn't give a ton of context in prior emails, so wanted to flesh this
out a bit if the earlier emails didn't make a lot of sense.
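
The regeneration approach described in the message above (DELETE journaling, a rebuild inside one transaction, retries on "database is locked"), as an added example that is not part of the original message and is not the poster's tool. The table `relay_lookup`, its columns, the function names and the sample row are assumptions made for illustration.

```python
import os
import sqlite3
import tempfile
import time

SIDECARS = ("-wal", "-shm", "-journal")  # files SQLite may create beside the db

def regenerate(db_path, rows, attempts=5, delay=1.0, busy_timeout=0.1, sleep=time.sleep):
    """Rebuild the lookup table in one transaction, retrying while locked.

    Returns the number of the attempt that committed; re-raises the last
    "locked" error once `attempts` is exhausted, leaving the old rows intact.
    """
    for attempt in range(1, attempts + 1):
        # isolation_level=None: BEGIN/COMMIT are issued explicitly below.
        conn = sqlite3.connect(db_path, timeout=busy_timeout, isolation_level=None)
        try:
            conn.execute("PRAGMA journal_mode=DELETE")  # rollback journal, not WAL
            conn.execute("BEGIN IMMEDIATE")             # fail early if another writer is active
            conn.execute("CREATE TABLE IF NOT EXISTS relay_lookup "
                         "(lookup_key TEXT PRIMARY KEY, lookup_value TEXT NOT NULL)")
            conn.execute("DELETE FROM relay_lookup")
            conn.executemany("INSERT INTO relay_lookup VALUES (?, ?)", rows)
            conn.execute("COMMIT")  # needs an exclusive lock; busy while a reader holds one
            return attempt
        except sqlite3.OperationalError as exc:
            if conn.in_transaction:
                conn.execute("ROLLBACK")  # drop our locks; readers keep the old rows
            if "locked" not in str(exc) or attempt == attempts:
                raise
            sleep(delay)
        finally:
            conn.close()

def sidecar_files(db_path):
    """Return the SQLite sidecar files that currently exist next to db_path."""
    return [db_path + s for s in SIDECARS if os.path.exists(db_path + s)]

if __name__ == "__main__":
    # Constructed sample data in a throwaway directory.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "relay.sqlite")
        rows = [("example.com", "smtp:[mx.example.net]")]
        print("committed on attempt", regenerate(path, rows))
        print("leftover sidecar files:", sidecar_files(path))
```

Because the journal is removed at commit, no writer-owned `-wal` or `-shm` file is left beside the database for a reader running under a different account to trip over.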