Am 2017-08-13 um 13:53 schrieb Andreas Metzler: > On 2017-08-13 Jakob Schürz <wertsto...@nurfuerspam.de> wrote: >> Am 2017-08-11 um 14:58 schrieb Andreas Metzler: >>> On 2017-08-10 Jakobus Schürz <wertsto...@nurfuerspam.de> wrote: > [...] >>>> # if we reach this, invoking exim_tidydb from start-stop-daemon has >>>> # failed, most probably because of libpam-tmpdir being in use >>>> # (see #373786 and #376165) > [...] >>> for reference: >>> It seems something is needed that >>> a) uses PAM (because otherwise start-stop-daemon would have been enough) >>> b) but does not invoke pam_systemd. > >>> That is true for /etc/pam.d/runuser (but not for /etc/pam.d/runuser-l, >>> invoked by "runuser --login" or "runuser -") > >> ok. But what is this "something", which needs a pam-session to run tidydb? > > See the comment in the file as quoted above. exim_tidydb needs a writeable > tmp-dir. If libpam-tmpdir is in use exim4-base.cron.daily's tmp-dir is > only writeable by root. So we a need "run as other user"-command that > re-uses libpam-tmpdir to setup a tmp-dir which is writeable by exim. > >> I can see, "runuser --login" or "runuser -" or "runuser -l" also invokes >> pam_systemd and starts the user-services, which i don't want. > >> I changed the lines a little bit: > >> find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \ >> -or -type f -printf '%f\0' | \ >> runuser --shell=/bin/bash \ >> --command="xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > >> /dev/null" \ >> Debian-exim > > So --command instead of --session-command also works. That is great, > since --session-command is marked as "discouraged" in the runuser > manpage. I will change this in GIT.
Sounds good! ;) When do you think, this will reach the goal to be in a debian-package in the repo? (Currently I'm using stable, so the update will be in testing?) This bug can be closed then. Thank you!! jakob
signature.asc
Description: OpenPGP digital signature
