Hi guys,

On Thu, Mar 7, 2024 at 6:01 PM Steffen Nurpmeso via Postfix-users <postfix-users@postfix.org> wrote:

> Dan Mahoney via Postfix-users wrote in
> <56abb6d4-e690-4f94-aadb-2f646a6d1...@prime.gushi.org>:
> |> On Mar 6, 2024, at 16:52, Wietse Venema via Postfix-users <postfix-users@postfix.org> wrote:
> |> Alex via Postfix-users:
> |>> Hi,
> |>> I have a few postfix systems on fedora38 with nearly identical
> |>> configurations. I'd like to be able to push changes to them from a third
> |>> system without having to login to them directly to do so. What's the
> |>> best/most secure way to do this?
> |>>
> |>> For example, I'd like to push the recipient access file to both systems
> |>> since they both relay mail for the same domains. Currently I'm doing this
> |>> with rsync/ssh as root but would like to use a regular user.
> |>
> |> rsync renames files into place. That is good, because there is no
> |> risk that it overwrites a file while some program reads from it.
> |>
> |> But if an unprivileged user can replace files in /etc/postfix, then
> |> they are root equivalent. That is not the improvement that you
> |> appear to be looking for.
> |>
> |> Maybe you can use a pull model instead, like curl and a REST server.
> |
> |This is a solved problem, using tools like ansible, chef, or puppet.
> |Puppet specifically can be configured to do periodic pulls without
> |having to login.
>
> I use git for all that. Plus some hooks/scripts.
> Special repo with a special post-receive hook would surely do your
> specific use case.

It's taken me some time to get to this, but I hoped I could ask for your help. Do you have more information you can share about how I might do this? The main system would push the updates to git, then perhaps a cron script (as root?) that runs git checkout on each host to check for updates?
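The pull model raised in the thread, as an added example that is not from any of the participants: each mail host runs this as root from cron, so no unprivileged account ever writes into /etc/postfix, and the file is renamed into place as described for rsync above. The clone path `/root/mailcfg`, the branch `origin/main`, the file name `recipient_access`, the `hash:` map type and the use of signed commits are assumptions.

```shell
#!/bin/sh
# Pull-model sketch for root's crontab on each mail host. The clone path,
# "origin/main", the file name and the hash: map type are all assumptions.

# validate_access FILE: accept only a plain, non-empty, non-symlink file
# whose logical lines all have the access(5) shape "pattern action".
validate_access() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -s "$1" ] || return 1
    awk '/^[ \t]/ || /^#/ || /^$/ { next }  # continuation, comment, blank
         NF < 2 { bad = 1 }                 # key without an action
         END { exit bad + 0 }' "$1"
}

# install_if_changed SRC DEST: 0 = installed, 1 = unchanged, 2 = rejected.
# The copy is created beside DEST and renamed over it, so Postfix never
# reads a half-written file.
install_if_changed() {
    src=$1 dest=$2
    validate_access "$src" || return 2
    cmp -s "$src" "$dest" && return 1
    tmp=$(mktemp "$dest.XXXXXX") || return 2
    if cp "$src" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# pull_and_install REPO FILE DEST: fast-forward a root-owned clone, but only
# to a commit whose signature verifies against root's GnuPG keyring.
pull_and_install() {
    repo=$1 file=$2 dest=$3
    git -C "$repo" fetch --quiet origin || return 2
    git -C "$repo" verify-commit origin/main || return 2
    git -C "$repo" merge --quiet --ff-only origin/main || return 2
    install_if_changed "$repo/$file" "$dest"
}

# Entry point (constructed paths); rebuild the lookup table only on change.
if [ "${1:-}" = "run" ]; then
    if pull_and_install /root/mailcfg recipient_access \
                        /etc/postfix/recipient_access; then
        postmap hash:/etc/postfix/recipient_access
    fi
fi
```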