Hi Timo,
On Thu, Feb 08, 2024 at 10:56:07PM +0100, Timo Sigurdsson wrote:
> Marc Haber schrieb am 07.02.2024 15:08 (GMT +01:00):
> > This is not correct, MAILCMD is honored.
> Yes, that's how I worked around it. But that wasn't needed before Bookworm.
Yes. It's a corollary of the changes we did to the package during the
bookworm cycle. Before, the aide processes were running as root and
everything was easier. Now, we're not running as root by default but
need special measures to be able to send mail.
> > Documentation says:
> >
> > | The daily aide check will automatically select the method of sending
> > | mail according to the rules documented above. The variable MAILCMD in
> > | /etc/default/aide can be used to override these rules. If you know
> > | that your mail(1) works in a scenario where the automatism refuses to
> > | use mail(1), setting MAILCMD to the path to mail(1) manually will force
> > | the script to use mail(1). If you need more flexibility and/or would
> > | prefer to have additional methods of delivering the report supported
> > | by the package, please file a wishlist bug.
>
> I somehow did not fully read that paragraph. That is actually quite close to
> what I proposed, except I'd prefer the script not trying to be too smart
> here, but it's fair enough, I think.
Without the script being smart, the error messages that happen are
totally misleading. That's why I added so much smartness. I don't
remember the exact messages, but I remember that the error messages led
me into a totally wrong direction when I was developing the new
mechanisms.
> >> The downside is
> >> that my custom MAILSUBJ is ignored now since Debian Bookworm.
> >
> > MAILSUBJ is honored in the code of dailyaidecheck:
> > if [ -n "${MAILCMD:-}" ]; then
> > eval "${MAILCMD} -s \"${MAILSUBJ}\" \"${MAILTO}\"" || RET=$?
> >
> > mailx is documented to honor the -s parameter. Please verify that mailx
> > is called correctly by our code and file an appropriate bug either
> > against aide or mailx.
>
> You are right. I actually confused the change of my MAILSUBJ - it is honored
> - with the new sender name (since it's not root anymore that sends mail). So,
> everything works as expected.
Would you mind elaborating about the sender name? Maybe it makes sense
to add more flexibility here?
> Sorry for the noise :(
No noise at all, you got me reflecting and thinking about those things
again. That's good.
Never having used Postfix, I wasn't aware that there are MTAs that can
work without /usr/lib/sendmail being suid. Is it worth re-wording the
docs? I'd rather not touch the actual code by finding out whether
/usr/lib/sendmail needs suid or not and adapting to that finding, but
maybe it would help to re-word the docs. Would you want to suggest
alternative wording?
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
