Re: [exim] Spurious permission denied error

Author: Russell King
Date:  
To: exim-users
Subject: Re: [exim] Spurious permission denied error
On Mon, Apr 27, 2020 at 09:11:18PM +0100, Jeremy Harris via Exim-users wrote:
> On 27/04/2020 20:52, Russell King via Exim-users wrote:
> > I'm running debian stable on my machines, and I've noticed that when
> > one of my scripts sends email,
>
> I'm hoping that means you can trigger it on demand?


I believe so - exim is being called from a perl script running as the
user stated in the log line thusly:

    /usr/sbin/sendmail -oi -t


> > I get a spurious and unexplained
> > "Permission denied" error:
> >
> > 2020-04-27 20:36:15 1jT9Y7-0003B4-Mf <= patchd@??? U=patchd P=local S=1535
> > 2020-04-27 20:36:15 1jT9Y7-0003B4-Mf H=pandora.armlinux.org.uk [xxxx:xxxx:xxxx:xxxx:214:fdff:fe10:1be6] Permission denied
>
> > My guess is that there is some file that exim can't access while
> > attempting to send to pandora, but I think working out what is
> > going to be very hard (I guess debug isn't allowed from non-root
> > users?)
>
> If you have root, the moral equivalent of
>
> # service exim stop && exim -d+all -bd 2>&1 | tee log
> ...
> ctrl-c
> # service exim start
> # less log


How does that help when the process that accepted the message and
delivered it was started by the user concerned, and the message
was not handled by the daemonised exim? Running the daemonised
exim with debug enabled clearly is not going to help in this
instance.

> > However, there's a general principle of error reporting here:
> > shouldn't error messages contain some hint as to what is being
> > done when the error was encountered?
>
> I agree, and that's bugworthy. Please get debug output so
> we can locate where in processing it is; that should help
> find the problem coding.


Due to the implemented security on setuid processes started by non-root
users, I don't think I can. See above, and my initial message where I
also explained why that is not possible.

--
Russell King