Thank you.

So by private, you mean services that end users shouldn't be able to
interact with? Public services have CLI tools (as an interface) whereas
private ones do not.

For wakeup, why would a service need a wakeup timer? It has no active
requests so what is it doing when being woken? Perhaps some kind of
maintenance tasks?



On Thu, Oct 14, 2021, 11:45 PM Viktor Dukhovni <postfix-us...@dukhovni.org>
wrote:

> On Thu, Oct 14, 2021 at 09:12:40PM -0500, Tyler Montney wrote:
>
> > I am doing a deep dive on mail hosting and this includes Postfix. I have
> > quite a number of questions about Postfix. Is this the best place to get
> > those answered?
> >
> > To give a sample:
> >
> >    - What does 'private' mean for master.cf? Documentation is quite scarce.
> >    I can tell it doesn't apply to inet, but how does that affect other
> >    service types?
>
> Internal services, including all mail transports are private.  The
> public services are in aid of command-line tools like postdrop(1)
> and postqueue(1) to allow local users to interact with a small
> set of special services.
>
> >    - For unprivileged (master.cf again)
> >       - "root privileges or as the owner": Is this the same permissions
> >          level? What is an example of "the owner"?
>
> The only services that need to retain privileges after pre-jail
> initialisation are local(8), virtual(8) and pipe(8), because they
> subsequently need to be able to switch to an appropriate uid/gid.
>
> Otherwise, services should drop privileges.
>
> >    - If a service is unprivileged, who does it run as?
>
> It runs as $mail_owner (typically "postfix").
>
> >    - What makes a service 'sleep'? (referring to 'wakeup')
>
> Not having any active requests.  Only specific services
> need wakeup.  If it does not have a wakeup timer in the
> stock master.cf, then no wakeup should be specified,
> otherwise there should be a wakeup.
>
> The services that need wakeup are:
>
>     - qmgr
>     - pickup
>     - tlsmgr
>     - flush
>
> The last of these is only needed if you support ETRN, which
> I generally disable and set "fast_flush_domains" empty if
> not empty by default (because relay_domains is empty).
>
> --
>     Viktor.
>
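
An added example, not part of the thread and not Postfix code: a small master.cf audit that applies the two rules given in the quoted reply (only local, virtual and pipe keep privileges; only qmgr, pickup, tlsmgr and flush take a wakeup timer). The sample entries are constructed, and the function names and finding labels are this example's own.

```python
# Per the thread: daemons that keep privileges, and daemons that take a wakeup timer.
PRIVILEGED_OK = {"local", "virtual", "pipe"}
WAKEUP_OK = {"qmgr", "pickup", "tlsmgr", "flush"}
WAKEUP_REQUIRED = WAKEUP_OK - {"flush"}  # flush only matters when ETRN is supported

# Constructed sample: the qmgr, cleanup and rewrite entries deviate on purpose.
SAMPLE = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
qmgr      unix  n       -       n       -       1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
local     unix  -       n       n       -       -       local
maildrop  unix  -       n       n       -       -       pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
cleanup   unix  n       n       n       -       0       cleanup
rewrite   unix  -       -       n       300     -       trivial-rewrite
"""

def parse_master_cf(text):
    """Return one dict per service entry, joining indented continuation lines."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line)
    fields = (entry.split() for entry in logical)
    return [{"service": f[0], "unpriv": f[3], "wakeup": f[5], "daemon": f[7]}
            for f in fields if len(f) >= 8]

def audit(text):
    """Return (service, finding) pairs for entries that break the thread's rules."""
    findings = []
    for s in parse_master_cf(text):
        # "-" and "0" both mean no timer; a trailing "?" defers wakeups until first use.
        timed = s["wakeup"].rstrip("?") not in ("-", "0")
        if s["unpriv"] == "n" and s["daemon"] not in PRIVILEGED_OK:
            findings.append((s["service"], "runs privileged"))
        if timed and s["daemon"] not in WAKEUP_OK:
            findings.append((s["service"], "unexpected wakeup"))
        if not timed and s["daemon"] in WAKEUP_REQUIRED:
            findings.append((s["service"], "missing wakeup"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```

The checks key on the command column rather than the service name, so a pipe-based transport such as the maildrop entry is recognised as one of the daemons that may keep privileges.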
