Warn: This is a bit long. I'm trying to be thorough. End result: courier does not clean its environment when starting, and adds 4 unmentioned variables to the environment.
On Wed, 25 May 2016 23:00:54 <mr...@courier-mta.com> wrote:
> David Niklas writes:
>
> > Hello,
> > I've successfully run the tests of courier 0.75.0 up to the part where
> > the msg writes info into the ID and ENV files.
> > Strangely, id output no info into the ID file though sh wrote
> > "/root/.profile" Permission denied. The env command output many
> > variables all from /etc/profile, though the docs say that courier
> > should have a sanitized environment. All the files in /etc are
> > default for courier with the exception that I removed the database
> > modules from courier's authdaemond so that they would not load.
> > I imagine that courierd is sourcing /etc/profile as root and then
> > trying to read the user's (root's) .profile file.
> > The docs do not specify a method of solving this, what do I do?
>
> The short, blunt answer is "figure it out". Something is definitely
> borked in your environment. You need to figure out why supposedly a new
> shell started under your userid wants to read /root/.profile. That's
> obviously wrong.

Ok, you're right, this is strange.
less wants to read /root/.profile but the ID file is blank.
Sourced /etc/profile.
Now less does not try to read /root/.profile, ID is still blank.
So su probably did not fully clean the environment (that's how I got into
the test account).

> courierd does not source anything. It is a binary executable. "courier
> start" runs the courierctl.start script that reads the courierd
> configuration file with the -a flag, which imports its contents as
> environment variables, then starts courierd.
>
> One of the sections in the courierd config file, named "SYSLOCALE"
> sources what the configure script detected as the system configuration
> file that sets the default system locale. It's a config file that's
> picked from a fixed list of known system config files.
> At this time, it's the first file from the following list which exists:

SYSLOCALE is located in /etc/courier/couried and /etc/courier/couried.dist.
In both cases it's commented out.
In a previous mail I found that courier tried to use /etc/environment and
was told that I might create it as it did not exist. I was also told that I
should talk to the maintainer about locating an existing file for reading
in the environment. The /etc/environment file contains only a comment.

> /etc/environment
> /etc/default/locale
> /etc/sysconfig/i18n /etc/sysconfig/language
> /etc/locale.conf

The first one I created; the others don't exist.

> If none of these are found, that section in the courierd file is blank.
> If found, the contents are read.
>
> I think that courier is not getting started correctly, if you see stuff
> in your /etc/profile. That shouldn't happen. courierctl.start should be
> executing 'env -i', to wipe out all traces of your login shell's
> environment.
>

Hmm. I set in /etc/profile the ENV and BASH_ENV variables to
"$USER/.profile" so that my GPGHOME variable would be read in by clawsmail
when using the gpg add-on plugin. However, it seems that clawsmail does not
read in the environment, it probably uses execv(3) or similar ):
So, this would seem to me that courier, or a process thereof, is reading in
/etc/profile.

Comment those lines in /etc/profile.
Source /etc/profile.
Restart courier and authdaemond.
Delete old ID and ENV.
Send new mail.
Nope. ENV and BASH_ENV are still set to /root/.profile.

Ok. Time for strace.

strace -o oud -ff /usr/lib64/courier/courier/courierd start &
strace -o oug -ff /usr/lib/courier/courier-authlib/authdaemond

Send new mail.

grep open oug* oud* | sort -k2 -t":" | less -S

Ok, it still tries to open /root/.profile but not /etc/profile. Seems to me
this means that the environment is not clean.
authdaemond and courierd are running as root...

grep -e system -e exe oud* oug* > /home/me/courier.txt
chown me /home/me/courier.txt

<CAT-of-courier.txt>
oud.24686:execve("/usr/lib64/courier/courier/courierd", ["/usr/lib64/courier/courier/couri"..., "start"], [/* 86 vars */]) = 0
oud.24706:execve("/bin/bash", ["/bin/bash", "-c", "./courieruucp"], [/* 90 vars */]) = 0
oud.24706:execve("./courieruucp", ["./courieruucp"], [/* 90 vars */]) = 0
oud.24708:execve("/bin/bash", ["/bin/bash", "-c", "./courierlocal"], [/* 90 vars */]) = 0
oud.24708:execve("./courierlocal", ["./courierlocal"], [/* 90 vars */]) = 0
oud.24708:rt_sigreturn() = -1 EINTR (Interrupted system call)
oud.24710:execve("/bin/bash", ["/bin/bash", "-c", "./courierfax"], [/* 90 vars */]) = 0
oud.24710:execve("./courierfax", ["./courierfax"], [/* 90 vars */]) = 0
oud.24712:execve("/bin/bash", ["/bin/bash", "-c", "./courieresmtp"], [/* 90 vars */]) = 0
oud.24712:execve("./courieresmtp", ["./courieresmtp"], [/* 90 vars */]) = 0
oud.24714:execve("/bin/bash", ["/bin/bash", "-c", "./courierdsn"], [/* 90 vars */]) = 0
oud.24714:execve("./courierdsn", ["./courierdsn"], [/* 90 vars */]) = 0
oud.24765:execve("/usr/lib64/courier/courier/modules/local/courierdeliver", ["courierdeliver", "test", "/home/test", "", "test@ulgy_thing", "test@ulgy_thing", "", ""], [/* 90 vars */]) = 0
oud.24766:execve("/bin/bash", ["/bin/bash", "-c", "/bin/env >ENV"], [/* 104 vars */]) = 0
oud.24767:execve("/bin/env", ["/bin/env"], [/* 104 vars */]) = 0
oud.24768:execve("/bin/bash", ["/bin/bash", "-c", "/bin/id >ID"], [/* 104 vars */]) = 0
oud.24769:execve("/bin/id", ["/bin/id"], [/* 104 vars */]) = -1 ENOENT (No such file or directory)
oug.24749:execve("/usr/lib/courier/courier-authlib/authdaemond", ["/usr/lib/courier/courier-authlib"...], [/* 86 vars */]) = 0
</CAT-of-courier.txt>

I don't see courier attempting to clean the environment.
I started courier with env -i LANG=$LANG LC_COLLATE="C" TERM="linux".
Now the environment is clean.
The reason the ID file is blank is because id is not in bin, I would have
thought it was.
Ok, now that's good. Just the test user's creds.
The environment looks clean, 28 variables total.

Also, examine the environment, in ENV. Check the manual page for
dot-courier, ENV should contain only the documented environment variables,
and any environment variables that are defined in the
/usr/lib/courier/etc/courierd file.

4 are not mentioned in dot-courier or /etc/courier. These are:

MAILDIRQUOTA=
COURIER_HOME=/usr
PWD=/home/test
SHLVL=2

This does not seem serious, but the documentation for courier should
mention these, as the testing courier section of courier's docs mentions that
"Also, examine the environment, in ENV. Check the manual page for
dot-courier, ENV should contain only the documented environment variables,
and any environment variables that are defined in the
/usr/lib/courier/etc/courierd file."

Thanks,
David

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
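
The two checks done by hand in the message above (reading the variable count each execve() received, and comparing ENV against the documented set), as an added example that is not part of the original post or of Courier. The ALLOWED list, the threshold of 40 and the sample ENV contents are assumptions; the three trace lines are copied from the post.

```shell
#!/bin/sh
# Added example, not Courier's code: audit the ENV capture and strace output.

# Assumption: placeholder allowlist. Fill it from dot-courier(5) and from the
# variables set in your courierd configuration file.
ALLOWED="HOME USER SENDER RECIPIENT HOST LOCAL EXT DEFAULT PATH SHELL LANG"

# unexpected_vars FILE: names in an `env` capture that are not in ALLOWED.
# Lines that do not start with NAME= (multi-line values) are skipped.
unexpected_vars() {
    awk -F= -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[A-Za-z_][A-Za-z0-9_]*=/ && !($1 in ok) { print $1 }
    ' "$1" | LC_ALL=C sort | paste -sd ' ' -
}

# inherited_env_execs FILE MAX: "pid count program" for each successful
# execve() in grep'd `strace -ff` output that received more than MAX variables.
inherited_env_execs() {
    sed -n 's|^[^.]*\.\([0-9]*\):execve("\([^"]*\)".*\[/\* \([0-9]*\) vars \*/]) = 0$|\1 \3 \2|p' "$1" |
        awk -v max="$2" '$2 + 0 > max + 0'
}

# Sample ENV: the four undocumented variables from the post plus constructed ones.
SAMPLE_ENV=$(mktemp)
cat >"$SAMPLE_ENV" <<'EOF'
HOME=/home/test
USER=test
SENDER=test@example.invalid
MAILDIRQUOTA=
COURIER_HOME=/usr
PWD=/home/test
SHLVL=2
EOF

# Sample trace: three execve lines copied from the post.
SAMPLE_TRACE=$(mktemp)
cat >"$SAMPLE_TRACE" <<'EOF'
oud.24686:execve("/usr/lib64/courier/courier/courierd", ["/usr/lib64/courier/courier/couri"..., "start"], [/* 86 vars */]) = 0
oud.24767:execve("/bin/env", ["/bin/env"], [/* 104 vars */]) = 0
oud.24769:execve("/bin/id", ["/bin/id"], [/* 104 vars */]) = -1 ENOENT (No such file or directory)
EOF

echo "Unexpected in ENV: $(unexpected_vars "$SAMPLE_ENV")"
echo "execve() calls with more than 40 variables (40 is a constructed threshold):"
inherited_env_execs "$SAMPLE_TRACE" 40
```

A daemon started through env -i with only a handful of variables should not appear in the second listing at all; any entry there points at an inherited login environment.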