On 2017-08-11 at 14:58, Andreas Metzler wrote:
> On 2017-08-10 Jakobus Schürz <wertsto...@nurfuerspam.de> wrote:
>> Package: exim4-base
>> Version: 4.89-2+deb9u1
>> Severity: normal
> 
>> Dear Maintainer,
> 
>> I have some systemd --user services from other packages.
>> The units are located in /etc/systemd/user/ or /usr/lib/systemd/user/
>> and enabled on installing.
> 
>> When a daemon uses su or sudo on Debian, it starts a service
>> user@$UID.service which is a systemd-daemon for the user-session. These
>> sessions are normally not started for Daemons with UID below 1000
>> (except Debian-gdm).
> 
>> I asked on the systemd-mailinglist, what's the problem, because sometimes
>> exim starts a user-session (and with this the user-services which are
>> meant for login-users with UID greater-equal 1000).
>> They told me, there must be the use of su or sudo in some scripts from
>> the daemon.
>> I looked around and found, that there is su used in
>> /etc/cron.daily/exim4-base 
> 
>> You find my changes below to use runuser instead of su, which solves the
>> problems coming from the su-command.
> [...]
>> if [ -x /usr/sbin/exim_tidydb ]; then
>>   cd $SPOOLDIR/db || exit 1
>>   if ! find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
>>     -or -type f -printf '%f\0' | \
>>       xargs -0r -n 1 \
>>       start-stop-daemon --start --exec /usr/sbin/exim_tidydb \
>>       --chuid Debian-exim:Debian-exim -- $SPOOLDIR > /dev/null; then
>>     # if we reach this, invoking exim_tidydb from start-stop-daemon has
>>     # failed, most probably because of libpam-tmpdir being in use
>>     # (see #373786 and #376165)
>>     find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
>>     -or -type f -printf '%f\0' | \
>>     runuser --shell=/bin/bash \
>>          Debian-exim \
>>          --session-command="xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null"
>>   fi
>> fi
> 
> Hello,
> 
> for reference:
> It seems something is needed that
> a) uses PAM (because otherwise start-stop-daemon would have been enough)
> b) but does not invoke pam_systemd.
> 
> That is true for /etc/pam.d/runuser (but not for /etc/pam.d/runuser-l,
> invoked by "runuser --login" or "runuser -")

OK. But what is this "something", which needs a pam-session to run tidydb?

I can see, "runuser --login" or "runuser -" or "runuser -l" also invokes
pam_systemd and starts the user-services, which I don't want.

I changed the lines a little bit:

find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
 -or -type f -printf '%f\0' | \
 runuser --shell=/bin/bash \
      --command="xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null" \
      Debian-exim

I tried this manually, and it works... The cronjob did not fail anymore,
and the db got tidied.

bye jakob
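
Added example, not part of the original messages or of the exim4 package: a small shell check for the point discussed above, namely whether a PAM service's session stack (following `@include` and `include`) loads pam_systemd and would therefore start user@$UID.service. The function names and the sample pam.d files are constructed for illustration; on a real host pass /etc/pam.d as the directory.

```sh
#!/bin/sh
# Does a PAM service's session stack load pam_systemd?
pam_uses_systemd() (   # $1 = pam.d directory, $2 = service, $3 = include depth
    dir=$1 svc=$2 depth=${3:-0}
    [ "$depth" -lt 8 ] || exit 1            # stop on include loops
    [ -r "$dir/$svc" ] || exit 1
    while IFS= read -r line; do
        line=${line%%#*}                    # drop comments
        set -f; set -- $line; set +f        # split into fields without globbing
        [ $# -ge 2 ] || continue
        if [ "$1" = "@include" ]; then      # pulls in the whole named file
            pam_uses_systemd "$dir" "$2" $((depth + 1)) && exit 0
            continue
        fi
        # a leading "-" on the type only silences logging of a missing module
        [ "${1#-}" = session ] || continue
        case $2 in
            include|substack)
                pam_uses_systemd "$dir" "$3" $((depth + 1)) && exit 0 ;;
            *)
                case $line in *pam_systemd.so*) exit 0 ;; esac ;;
        esac
    done < "$dir/$svc"
    exit 1
)

# Constructed sample files, modelled on the layout described in the thread.
make_sample_pamd() {
    d=$(mktemp -d) || return 1
    printf 'session required pam_unix.so\nsession optional pam_systemd.so\n' > "$d/common-session"
    printf 'auth sufficient pam_rootok.so\n@include common-session\n' > "$d/su"
    printf 'auth sufficient pam_rootok.so\nsession required pam_limits.so\nsession required pam_unix.so\n' > "$d/runuser"
    printf 'auth include runuser\n-session optional pam_systemd.so\nsession include runuser\n' > "$d/runuser-l"
    echo "$d"
}

pamd=$(make_sample_pamd)
for s in su runuser runuser-l; do
    if pam_uses_systemd "$pamd" "$s"; then
        echo "$s: session stack loads pam_systemd"
    else
        echo "$s: no pam_systemd in session stack"
    fi
done
rm -rf "$pamd"
```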
