Hello to all,

I have running unbound, nsd with MX record, smtpd and dovecot on this box. So far with good success. The mailserver is not meant to go public. I usually download mail from my mail providers by means of fetchmail, which I start on boot in daemon mode as root.
I don't want that. I want to start it on boot in daemon mode *as a user*.

1) I would like to be able to control fetchmail by means of rcctl, no matter if run as a user or as root, if that's at all possible. I can't manage to make either work.

2) I can start fetchmail on boot in daemon mode as root, but I have problems starting fetchmail as a daemon and *as a user* on boot. I did not manage to figure that out.

Reason: fetchmail is started alright by rc.local as root - but to do that is "discouraged" for obvious security reasons.

Like in /etc/rc.local:

    /usr/local/bin/fetchmail -f /etc/fetchmailrc -d 600 --syslog

fetchmail is started and does its job.

I like to do it the "OpenBSD-way" but for the life of me I cannot figure out how to do that. fetchmail also works OK if started manually from the shell of localuser, provided /etc/fetchmailrc is owned by that user.

I read the paper on rc.d by Antoine Jacoutot:
https://www.bsdfrog.org/pub/events/openbsd-rcd-AsiaBSDCon2016-paper.pdf

As I understand, 'rcctl start daemon' actually does

    su -l -c daemon -s /bin/sh root -c \
        "/path/to/daemon –flags"

Does that mean that my efforts to try to start fetchmail (or any daemon) as a user are in vain? How else could I do that, maybe while forsaking the possibility to control fetchmail by rcctl?

What I tried so far:

Added user _fetchmail with nologin:

    useradd -m -c "fetchmail daemon" -d /var/fetchmail -g =uid -s /sbin/nologin _fetchmail

/etc/rc.d/fetchmail:

    #!/bin/sh
    #
    # $OpenBSD: fetchmail 2017/11/16 08:12:29 localuser Exp $
    #

    daemon="/usr/local/bin/fetchmail"

    . /etc/rc.d/rc.subr

    rc_cmd $1

/etc/rc.conf.local:

    dhcpd_flags="em1"
    dovecot=
    fetchmail_flags="-f /etc/fetchmailrc -d 600 --syslog"
    fetchmail_user="_fetchmail"
    inetd_flags=
    mountd_flags=
    newsyslog=
    nfsd_flags=
    nmbd_flags="-D"
    nsd_flags=
    pkg_scripts="dovecot fetchmail fetchnews arpwatch"
    portmap_flags=
    sensorsd_flags=
    smbd_flags="-D"
    unbound_flags=

/etc/fetchmailrc:

    poll pop.somemailprovider.net protocol POP3 user "someuser@somemailserver" password "XXXXXXXXXX" \
        is "localuser" here fetchall ssl
    poll pop.somemailprovider.net protocol POP3 user "someotheruser@somemailserver" \
        password "XXXXXXXXXX" is "localuser" here fetchall ssl
    poll pop.somemailprovider.net protocol POP3 user "somemoreuser@somemailserver" \
        password "XXXXXXXXXXX" is "localuser" here fetchall ssl
    poll pop.gmail.com protocol POP3 user "[email protected]" password "XXXXXXXXXX" \
        is "localuser" here fetchall ssl
    set postmaster [email protected]

I tried with doas -u localuser but fetchmail is not started.

    # rcctl enable fetchmail
    # rcctl check fetchmail
    fetchmail(failed)

and tried also with su localuser, but I guess that the latter can't work because the user _fetchmail has no shell.

I ask myself if it would be better to run fetchmail as a program by cron? Adding it into /etc/crontab, which allows to set the user.

Sincerely
Eike

dmesg:

-- 
Eike Lantzsch ZP6CGE
There are the powerful, the powerless and the overbearing.
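Added example, not part of the original post: a preflight check for the setup described above, where /etc/fetchmailrc holds the POP3 passwords and has to be owned by the account fetchmail runs as. The function names are hypothetical, and `rc_exec_line` only reproduces the `su` form quoted in the post on the assumption that the account from `fetchmail_user` takes the place of `root` there.

```shell
#!/bin/sh
# Added example, not from the original post. File and account names are the
# ones used in the post; the functions themselves are hypothetical helpers.

# check_rcfile FILE USER
# USER may be an account name or a numeric uid. Prints "ok" and returns 0 when
# FILE is a regular file owned by USER with no group/other permission bits;
# otherwise prints the reason and returns 1.
check_rcfile() {
	file=$1 user=$2
	case $user in
	*[!0-9]*) want_uid=$(id -u "$user" 2>/dev/null) ||
		{ echo "no such user: $user"; return 1; } ;;
	*) want_uid=$user ;;
	esac
	[ -f "$file" ] || { echo "not a regular file: $file"; return 1; }
	# ls -ln fields: mode, link count, numeric uid, numeric gid, ...
	set -- $(ls -lnd -- "$file")
	mode=$1 uid=$3
	[ "$uid" = "$want_uid" ] ||
		{ echo "owned by uid $uid, expected $want_uid"; return 1; }
	# Characters 5-10 of the mode string are the group and other bits.
	case $mode in
	????------*) echo ok ;;
	*) echo "group/other can access it: $mode"; return 1 ;;
	esac
}

# rc_exec_line DAEMON FLAGS USER [CLASS]
# Prints the su(1) line in the form quoted in the post, with USER in place of
# root (assumption: that is where the account set by fetchmail_user ends up).
rc_exec_line() {
	printf 'su -l -c %s -s /bin/sh %s -c "%s %s"\n' "${4:-daemon}" "$3" "$1" "$2"
}
```

Run as root, `check_rcfile /etc/fetchmailrc _fetchmail` reports whether the credentials file matches the account named in rc.conf.local before the service is enabled.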

