Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: DBMail: dev

priviledge separation, threading

  

 
DBMail dev RSS feed   Index | Next | Previous | View Threaded


pwadas at jewish

Jul 15, 2009, 12:07 AM

Post #1 of 5 (851 views)
Permalink
priviledge separation, threading
Hello,

Do daemons use priviledge separation? I mean, do they suid for the
authenticated
user, and create private database connection, or a user "john" authenticate
to pop3
and share some global persistent database connection with "mary"
authenticated
with pop3 ? Efficiency (global persistent connection), or security
(multiplied separated, but private connections) ?
Regards,
PW
--
View this message in context: http://www.nabble.com/priviledge-separation%2C-threading-tp24492944p24492944.html
Sent from the dbmail dev mailing list archive at Nabble.com.

_______________________________________________
Dbmail-dev mailing list
Dbmail-dev [at] dbmail
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev


paul at nfg

Jul 15, 2009, 1:30 AM

Post #2 of 5 (779 views)
Permalink
Re: priviledge separation, threading [In reply to]
Piotr,

We're using a single, global database connection pool. Since dbmail
daemons run as the user specified in dbmail.conf under effective_user,
and since this user by no means needs to (or even should) run as root,
doing a suid is not even possible.


Piotr Wadas wrote:
> Hello,
>
> Do daemons use priviledge separation? I mean, do they suid for the
> authenticated
> user, and create private database connection, or a user "john" authenticate
> to pop3
> and share some global persistent database connection with "mary"
> authenticated
> with pop3 ? Efficiency (global persistent connection), or security
> (multiplied separated, but private connections) ?

This would defeat all the added benefits for connection pooling. Your
idea would require a separate connection pool per connected user, which
will very effectively kill scalability.


--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.nl
_______________________________________________
Dbmail-dev mailing list
Dbmail-dev [at] dbmail
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev


pwadas at jewish

Jul 16, 2009, 3:13 AM

Post #3 of 5 (772 views)
Permalink
Re: priviledge separation, threading [In reply to]
Paul J Stevens wrote:
>
> We're using a single, global database connection pool. Since dbmail
>

And how exactly database connection pool works ? How open connections
are reused between threads? My guess - there's a connection pool, which
allocate
_int_max_db_connections_ of available connections. What I want to know is
how connections are reused by different threads? Let's say pop3 daemon has
for the
moment 100 open pop3 sessions. When pop3 client issue a command, the daemon
uses db connection, and the command is completed with some internally
processed
query result. Now, if in the meantime another thread (pop3 client), issue
another command, the command (thread) uses first free connection, or if all
possible
connections are doing something, the command is delayed (actually for
miliseconds) until there's a connection available to be used with command
- is it this, how it works ?

Regards,
Piotr Wadas
--
View this message in context: http://www.nabble.com/priviledge-separation%2C-threading-tp24492944p24513690.html
Sent from the dbmail dev mailing list archive at Nabble.com.

_______________________________________________
Dbmail-dev mailing list
Dbmail-dev [at] dbmail
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev


pwadas at jewish

Jul 16, 2009, 3:14 AM

Post #4 of 5 (772 views)
Permalink
Re: priviledge separation, threading [In reply to]
Paul J Stevens wrote:
>
> We're using a single, global database connection pool. Since dbmail
>

And how exactly database connection pool works ? How open connections
are reused between threads? My guess - there's a connection pool to database
_mydb_,
which allocate _int_max_db_connections_ of available connections. What I
want to know is
how connections are reused by different threads? Let's say pop3 daemon has
for the
moment 100 open pop3 sessions. When pop3 client issue a command, the daemon
uses db connection, and the command is completed with some internally
processed
query result. Now, if in the meantime another thread (pop3 client), issue
another command, the command (thread) uses first free connection, or if all
possible
connections are doing something, the command is delayed (actually for
miliseconds) until there's a connection available to be used with command
- is it this, how it works ?

Regards,
Piotr Wadas
--
View this message in context: http://www.nabble.com/priviledge-separation%2C-threading-tp24492944p24513690.html
Sent from the dbmail dev mailing list archive at Nabble.com.

_______________________________________________
Dbmail-dev mailing list
Dbmail-dev [at] dbmail
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev


paul at nfg

Jul 16, 2009, 3:40 AM

Post #5 of 5 (772 views)
Permalink
Re: priviledge separation, threading [In reply to]
Piotr Wadas wrote:
>
> Paul J Stevens wrote:
>> We're using a single, global database connection pool. Since dbmail
>>
>
> And how exactly database connection pool works ? How open connections
> are reused between threads? My guess - there's a connection pool, which
> allocate
> _int_max_db_connections_ of available connections.

Not quite. max_db_connections is the maximum number of connections
maintained by a single connection pool, a number much larger than the
number of connections created initially on startup.

> What I want to know is
> how connections are reused by different threads? Let's say pop3 daemon has
> for the
> moment 100 open pop3 sessions. When pop3 client issue a command, the daemon
> uses db connection, and the command is completed with some internally
> processed
> query result. Now, if in the meantime another thread (pop3 client), issue
> another command, the command (thread) uses first free connection, or if all
> possible
> connections are doing something, the command is delayed (actually for
> miliseconds) until there's a connection available to be used with command
> - is it this, how it works ?

This is all handled by libzdb. The number of connections will scale as
required by the query load generated by dbmail.

I've tested with 100-200 concurrent very active imap clients using
imaptest, and the number of database connections fluctuated between 5
and 10.

--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.nl
_______________________________________________
Dbmail-dev mailing list
Dbmail-dev [at] dbmail
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev

DBMail dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.