If you're using the --mda parameter, this is the documented behaviour of fetchmail (from the man page):

    If fetchmail is running as root, it sets its user id while delivering mail through an MDA as follows: First, the FETCHMAILUSER, LOGNAME, and USER environment variables are checked in this order. The value of the first variable from this list that is defined (even if it is empty!) is looked up in the system user database. If none of the variables is defined, fetchmail will use the real user id it was started with. If one of the variables was defined, but the user stated there isn't found, fetchmail continues running as root, without checking remaining variables on the list. Practically, this means that if you run fetchmail as root (not recommended), it is most useful to define the FETCHMAILUSER environment variable to set the user that the MDA should run as. Some MDAs (such as maildrop) are designed to be setuid root and setuid to the recipient's user id, so you don't lose functionality this way even when running fetchmail as unprivileged user. Check the MDA's manual for details.

So if you log in by ssh, become root, and start fetchmail with a global config that needs an MDA, it will try to use the MDA of your LOGNAME or USER and will give an error:

    Oct 27 19:15:38 oro fetchmail[89429]: Cannot switch effective user id to 1001: Operation not permitted

Fix: in the shell script, define FETCHMAILUSER=$fetchmail_user (by default, fetchmail) before starting fetchmail in daemon mode.

How-To-Repeat:
1) Create a standard configuration that uses another program as MDA and make sure that the MDA program doesn't have setuid or setgid perms.
2) Log in as your current user.
3) Do su to become root.
4) Start the fetchmail daemon: /usr/local/etc/rc.d/fetchmail start
5) Look at the logs; you'll see it's unable to deliver anything.
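The lookup order quoted from the man page above can be modelled as a pre-flight check; this is an added example, not code from the port or from fetchmail. The function names mda_identity and preflight are hypothetical, and id(1) stands in for fetchmail's user database lookup.

```shell
#!/bin/sh
# Added example: models the man page's rule for which account a
# root-started fetchmail uses for its MDA.
# Prints SOURCE:NAME:RESULT; returns 1 when fetchmail would stay root.
mda_identity() {
    for var in FETCHMAILUSER LOGNAME USER; do
        # "Defined" includes defined-but-empty, as the man page stresses.
        if eval "[ \"\${$var+set}\" = set ]"; then
            eval "name=\${$var}"
            if [ -n "$name" ] && id -u -- "$name" >/dev/null 2>&1; then
                echo "$var:$name:ok"
                return 0
            fi
            # Lookup failed: fetchmail keeps running as root and does
            # not check the remaining variables.
            echo "$var:$name:stays-root"
            return 1
        fi
    done
    # None of the three is defined: the real user id it was started with.
    echo "realuid:$(id -ru):ok"
}

# Guard for an rc-style start: refuse unless FETCHMAILUSER itself decided
# the account, so a LOGNAME or USER left over from su cannot decide it.
preflight() {
    decided=$(mda_identity) || { echo "refuse: $decided" >&2; return 1; }
    case $decided in
        FETCHMAILUSER:*) return 0 ;;
        *) echo "refuse: FETCHMAILUSER did not decide ($decided)" >&2
           return 1 ;;
    esac
}
```

Calling preflight before starting the daemon reports which variable would have selected the delivery account in the current environment.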
Maintainer of mail/fetchmail,

Please note that PR ports/151783 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it.

The full text of the PR can be found at:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/151783

--
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
State Changed From-To: feedback->open Maintainer timeout
State Changed From-To: open->feedback pointed maintainer to this PR again
mandree 2011-08-15 20:13:22 UTC

FreeBSD ports repository

Modified files:
  mail/fetchmail        Makefile
  mail/fetchmail/files  fetchmail.in

Log:
Assorted minor fixes and touch-ups:
- Fix: rcfile: export FETCHMAILUSER=$fetchmail_user [1]
- Fix: when installing from source, make /var/run/fetchmail directory so that a global fetchmail installation won't break after port upgrades
- Change: compile GSSAPI support by default (it's in base)
- Cleanup: rcfile: drop support for fetchmail.sh script name
- Cleanup: rcfile: don't mix backtick with apostrophe in comments, they don't match

Reported by: thierry, Victor Balada Diaz <victor@bsdes.net> [1]
Suggested by: Victor Balada Diaz <victor@bsdes.net> [1]
PR: ports/151783
Approved by: maintainer timeout [1]

Revision  Changes   Path
1.217     +8 -3     ports/mail/fetchmail/Makefile
1.10      +17 -20   ports/mail/fetchmail/files/fetchmail.in
State Changed From-To: feedback->closed Committed. Thanks!
Maintainer replied being unable to respond before Aug 25. Commit over his head with assorted other fixes found during testing.