On Friday, November 17, 2017 1:59:45 PM -03 Antoine Jacoutot wrote:
> On Fri, Nov 17, 2017 at 12:53:07PM +0000, Eike Lantzsch wrote:
[snip]
> > 1) I would like to be able to control fetchmail by means of rcctl no
> > matter if run as a user or as root if that's at all possible. I can't
> > manage to make either work.
> > 
> > 2) I can start fetchmail on boot in daemon mode as root, but I have
> > problems starting fetchmail as a daemon and *as a user* on boot. I did
> > not manage to figure that out.
> > 
> > Reason: fetchmail is started alright by rc.local as root - but to do that
> > is "discouraged" for obvious security reasons.
> > like in /etc/rc.local:
> > /usr/local/bin/fetchmail -f /etc/fetchmailrc -d 600 --syslog
> > fetchmail is started and does its job.
> > 
> > I like to do it the "OpenBSD-way" but for the life of me I cannot figure
> > out how to do that.
[snip]
> > What I tried so far:
> > 
> > added user _fetchmail with nologin
> > useradd -m -c "fetchmail daemon" -d /var/fetchmail -g =uid -s /sbin/nologin _fetchmail
> > 
> > /etc/rc.d/fetchmail:
> > #!/bin/sh
> > #
> > # $OpenBSD: fetchmail 2017/11/16 08:12:29 localuser Exp $
> > #
> > daemon="/usr/local/bin/fetchmail"
> > . /etc/rc.d/rc.subr
> > rc_cmd $1
> > 
> > 
> > /etc/rc.conf.local:
> > dhcpd_flags="em1"
> > dovecot=
> > fetchmail_flags="-f /etc/fetchmailrc -d 600 --syslog"
> > fetchmail_user="_fetchmail"
> > inetd_flags=
> > mountd_flags=
> > newsyslog=
> > nfsd_flags=
> > nmbd_flags="-D"
> > nsd_flags=
> > pkg_scripts="dovecot fetchmail fetchnews arpwatch"
> > portmap_flags=
> > sensorsd_flags=
> > smbd_flags="-D"
> > unbound_flags=
> > 
> > 
> > /etc/fetchmailrc:
> > poll pop.somemailprovider.net protocol POP3 user "someuser@somemailserver" password "XXXXXXXXXX" \
> > is "localuser" here fetchall ssl
> > poll pop.somemailprovider.net protocol POP3 user "someotheruser@somemailserver" \
> > password "XXXXXXXXXX"  is "localuser" here fetchall ssl
> > poll pop.somemailprovider.net protocol POP3 user "somemoreuser@somemailserver" \
> > password "XXXXXXXXXXX" is "localuser" here fetchall ssl
> > poll pop.gmail.com protocol POP3 user "[email protected]" password "XXXXXXXXXX" \
> > is "localuser" here fetchall ssl
> > set postmaster [email protected]
> > 
> > 
> > I tried with doas -u localuser
> > but fetchmail is not started.
> > # rcctl enable fetchmail
> > # rcctl check fetchmail
> > fetchmail(failed)
> 
> Did you actually start it before running 'check' ?
> i.e. rcctl start fetchmail
> To run rc.d in debug mode:
> rcctl -d start fetchmail

Thank you for that hint!

# rcctl -d start fetchmail
doing _rc_parse_conf
doing _rc_quirks
fetchmail_flags >-f /etc/fetchmailrc -d 600 --syslog<
doing _rc_parse_conf /var/run/rc.d/fetchmail
doing _rc_quirks
doing rc_check
fetchmail
doing rc_start           
doing _rc_wait start
doing rc_check
File /etc/fetchmailrc must be owned by you.
doing _rc_rm_runfile
(failed)

[facepalm]
Consequently I changed the ownership of /etc/fetchmailrc to
_fetchmail:_fetchmail
(I thought that I did that before ??? no excuses.)

and - lo and behold:
# rcctl -d start fetchmail
doing _rc_parse_conf
doing _rc_quirks
fetchmail_flags >-f /etc/fetchmailrc -d 600 --syslog<
doing _rc_parse_conf /var/run/rc.d/fetchmail
doing _rc_quirks
doing rc_check
fetchmail
doing rc_start
doing _rc_wait start
doing rc_check
doing _rc_write_runfile
(ok)

# ps aux | grep fetchmail
_fetchma  6701  0.4  0.1  1512  4472 ??  Ss    10:04AM    0:00.18 /usr/local/bin/fetchmail -f /etc/fetchmailrc -d 600 --syslog
root      1426  0.0  0.0   132   360 p1  R+/3  10:05AM    0:00.00 grep fetchmail

# rcctl -d check fetchmail 
doing _rc_parse_conf
doing _rc_quirks
fetchmail_flags >-f /etc/fetchmailrc -d 600 --syslog<
doing _rc_parse_conf /var/run/rc.d/fetchmail
doing _rc_quirks
fetchmail
doing rc_check
(ok)

Thank you! Thank you! Thank you!

-- 
Eike Lantzsch ZP6CGE

Hay potentes, impotentes [sic] y prepotentes.
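
The start above failed because fetchmail refuses a run control file that is not owned by the user it runs as. The following pre-flight check is an added example, not part of the original message and not code from fetchmail or rc.d; the function name check_rcfile is hypothetical, rejecting symlinks is this script's own choice, and the no-group/other-bits rule reflects the 0700 ceiling that fetchmail(1) documents for its run control file.

```shell
#!/bin/sh
# Pre-flight check for a daemon's password-bearing run control file,
# meant to be run before "rcctl start" when a service drops to its own user.

# check_rcfile FILE USER   (hypothetical helper name)
# Returns 0 if FILE is a regular file (not a symlink) owned by USER and
# carries no group/other permission bits. Otherwise prints the reason on
# stderr and returns 1.
check_rcfile() {
    file=$1
    user=$2

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "check_rcfile: $file: missing, a symlink, or not a regular file" >&2
        return 1
    fi

    # find prints the path only when the owner matches. An unknown USER
    # makes find fail with no output, which is treated as a mismatch.
    if [ -z "$(find "$file" -prune -user "$user" 2>/dev/null)" ]; then
        echo "check_rcfile: $file: not owned by $user" >&2
        return 1
    fi

    # Any group or other bit exposes the stored passwords to other accounts.
    # Six single-bit tests are used because they work in BSD and GNU find.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]; then
        echo "check_rcfile: $file: group/other permission bits are set" >&2
        return 1
    fi
    return 0
}

# Usage: sh check_rcfile.sh /etc/fetchmailrc _fetchmail
if [ "$#" -eq 2 ]; then
    check_rcfile "$1" "$2"
fi
```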
