On Fri, Nov 17, 2017 at 12:53:07PM +0000, Eike Lantzsch wrote: > Hello to all, > I have running unbound, nsd with MX record, smtpd and dovecot on this box. > So far with good success. > The mailserver is not meant to go public. > I use to download mail from my mailproviders by means of fetchmail which I > start on boot in daemon mode as root. > > I don't want that. I want to start it on boot in daemon mode *as a user*. > > 1) I would like to be able to control fetchmail by means of rcctl no matter > if > run as a user or as root if that's at all possible. I can't manage to make > either work. > > 2) I can start fetchmail on boot in daemon mode as root, but I have problems > starting fetchmail as a daemon and *as a user* on boot. I did not manage to > figure that out. > > Reason: fetchmail is started alright by rc.local as root - but to do that is > "discouraged" for obvious security reasons. > like in /etc/rc.local: > /usr/local/bin/fetchmail -f /etc/fetchmailrc -d 600 --syslog > fetchmail is started and does its job. > > I like to do it the "OpenBSD-way" but for the life of me I cannot figure out > how to do that. > > fetchmail also works OK if started manually from the shell of localuser, > provided /etc/fetchmailrc is owned by that user. > > I read the paper on rc.d by Antoine Jacoutot: > https://www.bsdfrog.org/pub/events/openbsd-rcd-AsiaBSDCon2016-paper.pdf > As I understand 'rcctl start daemon' actually does > su -l -c daemon -s /bin/sh root -c \ > "/path/to/daemon –flags" > Does that mean that my efforts to try to start fetchmail (or any daemon) as a > user are in vain? > > How else could I do that maybe while forsaking the possibility to control > fetchmail by rcctl? > > What I tried so far: > > added user _fetchmail with nologin > useradd -m -c "fetchmail daemon" -d /var/fetchmail -g =uid -s /sbin/nologin > _fetchmail > > /etc/rc.d/fetchmail: > #!/bin/sh > # > # $OpenBSD: fetchmail 2017/11/16 08:12:29 localuser Exp $ > # > daemon="/usr/local/bin/fetchmail" > . /etc/rc.d/rc.subr > rc_cmd $1 > > > /etc/rc.conf.local: > dhcpd_flags="em1" > dovecot= > fetchmail_flags="-f /etc/fetchmailrc -d 600 --syslog" > fetchmail_user="_fetchmail" > inetd_flags= > mountd_flags= > newsyslog= > nfsd_flags= > nmbd_flags="-D" > nsd_flags= > pkg_scripts="dovecot fetchmail fetchnews arpwatch" > portmap_flags= > sensorsd_flags= > smbd_flags="-D" > unbound_flags= > > > /etc/fetchmailrc: > poll pop.somemailprovider.net protocol POP3 user "someuser@somemailserver" > password "XXXXXXXXXX" \ > is "localuser" here fetchall ssl > poll pop.somemailprovider.net protocol POP3 user > "someotheruser@somemailserver" \ > password "XXXXXXXXXX" is "localuser" here fetchall ssl > poll pop.somemailprovider.net protocol POP3 user > "somemoreuser@somemailserver" > \ > password "XXXXXXXXXXX" is "localuser" here fetchall ssl > poll pop.gmail.com protocol POP3 user "[email protected]" password > "XXXXXXXXXX" \ > is "localuser" here fetchall ssl > set postmaster [email protected] > > > I tried with doas -u localuser > but fetchmail is not started. > # rcctl enable fetchmail > # rcctl check fetchmail > fetchmail(failed)
Did you actually start it before running 'check' ? i.e. rcctl start fetchmail To run rc.d in debug mode: rcctl -d start fetchmail > and tried also with su localuser, but I gues that the latter can't work > because the user _fetchmail has no shell. > > I ask myself if it would be better to run fetchmail as a progam by cron? > adding it into /etc/crontab which allows to set the user. > > Sincerly > Eike > > > dmesg: > OpenBSD 6.2 (GENERIC.MP) #0: Thu Oct 12 19:53:18 CEST 2017 > [email protected]:/usr/src/sys/arch/amd64/compile/ > GENERIC.MP > real mem = 4261072896 (4063MB) > avail mem = 4124913664 (3933MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries) > bios0: vendor coreboot version "88a4f96" date 03/07/2016 > bios0: PC Engines apu2 > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S1 S2 S3 S4 S5 > acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET > acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4) > UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4) > acpitimer0 at acpi0: 3579545 Hz, 32 bits > acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: AMD GX-412TC SOC, 998.27 MHz > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE, > 3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1 > cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line > 16-way L2 cache > cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative > cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative > cpu0: TSC frequency 998269680 Hz > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 99MHz > cpu0: mwait min=64, max=64, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: AMD GX-412TC SOC, 998.12 MHz > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE, > 3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1 > cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line > 16-way L2 cache > cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative > cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative > cpu1: smt 0, core 1, package 0 > cpu2 at mainbus0: apid 2 (application processor) > cpu2: AMD GX-412TC SOC, 998.12 MHz > cpu2: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE, > 3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1 > cpu2: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line > 16-way L2 cache > cpu2: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative > cpu2: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative > cpu2: smt 0, core 2, package 0 > cpu3 at mainbus0: apid 3 (application processor) > cpu3: AMD GX-412TC SOC, 998.12 MHz > cpu3: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE, > 3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1 > cpu3: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line > 16-way L2 cache > cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative > cpu3: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative > cpu3: smt 0, core 3, package 0 > ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 21, 24 pins > ioapic1 at mainbus0: apid 5 pa 0xfec20000, version 21, 32 pins > , remapped to apid 5 > acpihpet0 at acpi0: 14318180 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus -1 (PBR4) > acpiprt2 at acpi0: bus 1 (PBR5) > acpiprt3 at acpi0: bus 2 (PBR6) > acpiprt4 at acpi0: bus 3 (PBR7) > acpiprt5 at acpi0: bus 4 (PBR8) > acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS > acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS > acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS > acpicpu3 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS > acpibtn0 at acpi0: PWRB > cpu0: 998 MHz: speeds: 1000 800 600 MHz > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00 > pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00 > ppb0 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi > pci1 at ppb0 bus 1 > em0 at pci1 dev 0 function 0 "Intel I210" rev 0x03: msi, address > 00:0d:b9:44:57:14 > ppb1 at pci0 dev 2 function 3 "AMD AMD64 16h PCIE" rev 0x00: msi > pci2 at ppb1 bus 2 > em1 at pci2 dev 0 function 0 "Intel I210" rev 0x03: msi, address > 00:0d:b9:44:57:15 > ppb2 at pci0 dev 2 function 4 "AMD AMD64 16h PCIE" rev 0x00: msi > pci3 at ppb2 bus 3 > em2 at pci3 dev 0 function 0 "Intel I210" rev 0x03: msi, address > 00:0d:b9:44:57:16 > ppb3 at pci0 dev 2 function 5 "AMD AMD64 16h PCIE" rev 0x00: msi > pci4 at ppb3 bus 4 > jme0 at pci4 dev 0 function 0 "JMicron JMC250" rev 0x03: msi, address > d8:9d:b9:00:2b:64 > jmphy0 at jme0 phy 1: JMP211 10/100/1000 PHY, rev. 1 > "AMD CCP" rev 0x00 at pci0 dev 8 function 0 not configured > xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x11: msi > usb0 at xhci0: USB revision 3.0 > uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 > addr 1 > ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: apic 4 int 19, > AHCI 1.3 > ahci0: port 0: 6.0Gb/s > ahci0: port 1: 6.0Gb/s > scsibus1 at ahci0: 32 targets > sd0 at scsibus1 targ 0 lun 0: <ATA, TS32GMSA370, N112> SCSI3 0/direct fixed > t10.ATA_TS32GMSA370_C421870614_ > sd0: 30533MB, 512 bytes/sector, 62533296 sectors, thin > sd1 at scsibus1 targ 1 lun 0: <ATA, ST6000VN0041-2EL, SC61> SCSI3 0/direct > fixed naa.5000c5009367747a > sd1: 5723166MB, 512 bytes/sector, 11721045168 sectors > ehci0 at pci0 dev 19 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18 > usb1 at ehci0: USB revision 2.0 > uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 > addr 1 > piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x42: SMBus > disabled > pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11 > sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 int 16 > sdhc0: SDHC 2.0, 63 MHz base clock > sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma > pchb2 at pci0 dev 24 function 0 "AMD AMD64 16h Link Cfg" rev 0x00 > pchb3 at pci0 dev 24 function 1 "AMD AMD64 16h Address Map" rev 0x00 > pchb4 at pci0 dev 24 function 2 "AMD AMD64 16h DRAM Cfg" rev 0x00 > km0 at pci0 dev 24 function 3 "AMD AMD64 16h Misc Cfg" rev 0x00 > pchb5 at pci0 dev 24 function 4 "AMD AMD64 16h CPU Power" rev 0x00 > pchb6 at pci0 dev 24 function 5 "AMD AMD64 16h Misc Cfg" rev 0x00 > isa0 at pcib0 > isadma0 at isa0 > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo > com0: console > com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo > pcppi0 at isa0 port 0x61 > spkr0 at pcppi0 > lpt0 at isa0 port 0x378/4 irq 7 > wbsio0 at isa0 port 0x2e/2: NCT5104D rev 0x52 > vmm0 at mainbus0: SVM/RVI > scsibus2 at sdmmc0: 2 targets, initiator 0 > sd2 at scsibus2 targ 1 lun 0: <SD/MMC, SS16G, 0080> SCSI2 0/direct removable > sd2: 15193MB, 512 bytes/sector, 31116288 sectors > umass0 at uhub0 port 1 configuration 1 interface 0 "Asmedia ASM1351" rev > 3.10/1.00 addr 2 > umass0: using SCSI over Bulk-Only > scsibus3 at umass0: 2 targets, initiator 0 > sd3 at scsibus3 targ 1 lun 0: <ASMT, 2135, 0> SCSI4 0/direct fixed serial. > 174c13511234567891CF > sd3: 3815447MB, 512 bytes/sector, 7814037168 sectors > uhub2 at uhub1 port 1 configuration 1 interface 0 "Advanced Micro Devices > product 0x7900" rev 2.00/0.18 addr 2 > vscsi0 at root > scsibus4 at vscsi0: 256 targets > softraid0 at root > scsibus5 at softraid0: 256 targets > root on sd0a (b14c7cf55471ebf4.a) swap on sd0b dump on sd0b > > -- > Eike Lantzsch ZP6CGE > > Hay potentes, impotentes y prepotentes. > > -- Antoine
