On 2017-08-11 at 14:58, Andreas Metzler wrote:
> On 2017-08-10 Jakobus Schürz <wertsto...@nurfuerspam.de> wrote:
>> Package: exim4-base
>> Version: 4.89-2+deb9u1
>> Severity: normal
>
>> Dear Maintainer,
>
>> I have some systemd --user services from other packages.
>> The units are located in /etc/systemd/user/ or /usr/lib/systemd/user/
>> and enabled on installing.
>
>> When a daemon uses su or sudo on Debian, it starts a service
>> user@$UID.service which is a systemd-daemon for the user-session. These
>> sessions are normally not started for Daemons with UID below 1000
>> (except Debian-gdm).
>
>> I asked on the systemd-mailinglist what's the problem, because sometimes
>> exim starts a user-session (and with this the user-services which are
>> thought for login-users with UID greater-equal 1000).
>> They told me, there must be the use of su or sudo in some scripts from
>> the daemon.
>> I looked around and found that there is su used in
>> /etc/cron.daily/exim4-base
>
>> You find my changes below to use runuser instead of su, which solves the
>> problems coming from the su-command.
> [...]
>> if [ -x /usr/sbin/exim_tidydb ]; then
>>   cd $SPOOLDIR/db || exit 1
>>   if ! find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
>>     -or -type f -printf '%f\0' | \
>>     xargs -0r -n 1 \
>>     start-stop-daemon --start --exec /usr/sbin/exim_tidydb \
>>     --chuid Debian-exim:Debian-exim -- $SPOOLDIR > /dev/null; then
>>     # if we reach this, invoking exim_tidydb from start-stop-daemon has
>>     # failed, most probably because of libpam-tmpdir being in use
>>     # (see #373786 and #376165)
>>     find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
>>       -or -type f -printf '%f\0' | \
>>       runuser --shell=/bin/bash \
>>       Debian-exim \
>>       --session-command="xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null"
>>   fi
>> fi
>
> Hello,
>
> for reference:
> It seems something is needed that
> a) uses PAM (because otherwise start-stop-daemon would have been enough)
> b) but does not invoke pam_systemd.
>
> That is true for /etc/pam.d/runuser (but not for /etc/pam.d/runuser-l,
> invoked by "runuser --login" or "runuser -")

ok. But what is this "something", which needs a pam-session to run tidydb?

I can see, "runuser --login" or "runuser -" or "runuser -l" also invokes
pam_systemd and starts the user-services, which I don't want.

I changed the lines a little bit:

find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
  -or -type f -printf '%f\0' | \
  runuser --shell=/bin/bash \
  --command="xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null" \
  Debian-exim

I tried this manually, and it works... The cronjob did not fail anymore,
and the db got tidied.

bye
jakob
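
An added example, not part of the thread or of the exim4 package: a POSIX sh check for whether a PAM service's session stack reaches pam_systemd, which is the difference between runuser and "runuser -l" discussed above. The function names and the sample PAM files are constructed for illustration; pass /etc/pam.d as the directory to check a real system.

```shell
#!/bin/sh
# Does SERVICE's session stack in DIR load MODULE? Follows "@include" and
# "session include|substack" lines. Exit status 0 = reached, 1 = not reached.
pam_session_has_module() {
    _dir=$1 _todo=$2 _mod=$3 _seen=" "
    while [ -n "$_todo" ]; do
        set -- $_todo; _svc=$1; shift; _todo=$*
        case $_seen in *" $_svc "*) continue ;; esac   # guard against include loops
        _seen="$_seen$_svc "
        [ -r "$_dir/$_svc" ] || continue
        _out=$(awk -v mod="$_mod" '
            /^[ \t]*(#|$)/ { next }
            $1 == "@include" { print "INC", $2; next }
            { type = $1; sub(/^-/, "", type) }   # "-session": skip silently if module is absent
            type != "session" { next }
            $2 == "include" || $2 == "substack" { print "INC", $3; next }
            { for (i = 3; i <= NF; i++) { n = split($i, p, "/")
                  if (p[n] == mod) print "=HIT=" } }
        ' "$_dir/$_svc")
        case $_out in *=HIT=*) return 0 ;; esac
        # queue the included files for the next rounds
        set -- $_todo $(printf '%s\n' "$_out" | sed -n 's/^INC //p')
        _todo=$*
    done
    return 1
}

# Constructed sample files (not copied from any system), named after the
# services mentioned in the thread. Prints the temporary directory.
make_sample_pamd() {
    d=$(mktemp -d) || return 1
    printf 'session required pam_limits.so\nsession required pam_unix.so\n' > "$d/runuser"
    printf 'auth include runuser\n-session optional pam_systemd.so\nsession include runuser\n' > "$d/runuser-l"
    printf 'session required pam_unix.so\nsession optional pam_systemd.so\n' > "$d/common-session"
    printf 'session required pam_env.so\n@include common-session\n' > "$d/su"
    echo "$d"
}

dir=$(make_sample_pamd)
for svc in su runuser runuser-l; do
    if pam_session_has_module "$dir" "$svc" pam_systemd.so
    then echo "$svc: session stack reaches pam_systemd"
    else echo "$svc: no pam_systemd in session stack"
    fi
done
rm -rf "$dir"
```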