Re: (fwd) Soft rlimit preferred to hard

From: Michael Tokarev (mjttls.msk.ru)
Date: Mon Apr 21 2003 - 20:36:18 CDT


Wietse Venema wrote:
> Michael Tokarev:
[]
>>>>What about having separate Postfix parameters for hard and soft
>>>>limits.
>>>
>>well, if we're here - how about using PAM session modules to
>>configure and enforce those limits? As done in many other
>>programs (e.g. cron on many modern linux systems).
>
> Does that work with persistent processes that deliver on
> behalf of different users?

Yes and no, depending on the point of view.

When exec'ing an external program, there is fork() done, and
_after_ that fork, anything is possible and it will not in
any way interfere with parent process.

When delivering directly to a file, things are different and
may only be done if the same fork() will be executed before
calling PAM stuff. While this isn't a big problem (fork()
cost is very minor on any modern OS), but this, IMHO, isn't
a big concern - postfix may do delivery to a file just fine
without any additional stuff like PAM (maybe mailbox_limit_map
parameter will be useful here, I don't know). Also, since
limits may include e.g. processor time limit, postfix's
delivery agent may be terminated (due to cpu limit exceeded)
which is plain wrong (master(8) is waiting for it to return
something).

And finally, for pipe(8) agent, first case applies: it
fork()s + exec()s another process on every request. PAM
stuff belongs to the place between fork and exec.

/mjt
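
Added example (not part of the original message, and not Postfix code): the ordering described above, where the limit is applied in the child after fork() and before exec(), so the exec'd program inherits it and the persistent parent keeps its own limits. The direct setrlimit() call stands in for the PAM session step; the function names, the choice of RLIMIT_NOFILE and the /bin/sh command are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork, lower the soft RLIMIT_NOFILE in the child only, then exec a shell
 * that reports the limit it inherited through its exit status.
 * Returns the reported limit, or -1 on error (127 means the child failed). */
int run_child_with_nofile(rlim_t soft)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: this is the place between fork and exec. */
        struct rlimit rl;
        if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
            _exit(127);
        rl.rlim_cur = soft;          /* soft limit only; hard limit untouched */
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
            _exit(127);
        execl("/bin/sh", "sh", "-c", "exit $(ulimit -n)", (char *)NULL);
        _exit(127);                  /* exec failed */
    }
    /* Parent: only waits; its own limits were never modified. */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Returns 1 if the parent's soft and hard limits are identical before and
 * after a child was run with a lowered soft limit, 0 otherwise. */
int parent_limit_unchanged(rlim_t soft)
{
    struct rlimit before, after;
    if (getrlimit(RLIMIT_NOFILE, &before) != 0)
        return 0;
    if (run_child_with_nofile(soft) < 0)
        return 0;
    if (getrlimit(RLIMIT_NOFILE, &after) != 0)
        return 0;
    return before.rlim_cur == after.rlim_cur && before.rlim_max == after.rlim_max;
}

int main(void)
{
    printf("child saw soft nofile limit: %d\n", run_child_with_nofile(16));
    printf("parent limits unchanged: %d\n", parent_limit_unchanged(32));
    return 0;
}
```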