Re: /etc/cron.daily/spamassassin - Update failed, exiting with code 4
Am 14.05.2016 um 21:42 schrieb Bill Keenan: Bob, the chown fixed the problem. Reindl, your answer seems to be describing a very different installation from 'sudo apt install spamassassin’. Am I correctly understanding the changes you are recommending? it has not to do anything with the package - no you should *never* install from source if there are packages (i know the troll with now comes talking about pre-compiled prpblems, ignore him) nobody is taking away the option of create systemd-timers, systemd-units and systemd-snippets since you can place whatever you need in /etc/systemd/system just because fedora ships a systemd-timer instead a conrd-snippet don't mean you can't create it at your own on a recent debian see also https://bugzilla.redhat.com/show_bug.cgi?id=1336143 which contains the snippet for Fedora to run as non-root the distribution ships the timer/service and i optimized it with a snippet https://www.freedesktop.org/software/systemd/man/systemd.timer.html https://wiki.archlinux.org/index.php/systemd#Drop-in_snippets _ [root@mail-gw:~]$ cat /usr/lib/systemd/system/sa-update.timer ### Spamassassin Rules Updates ### # # http://wiki.apache.org/spamassassin/RuleUpdates # # sa-update automatically updates your rules once per day if a spam daemon like # spamd or amavisd are running. [Unit] Description=Spamassassin Rules Update timer Documentation=man:sa-update(1) [Timer] OnCalendar=daily [Install] WantedBy=spamassassin.service _ [root@mail-gw:~]$ cat /usr/lib/systemd/system/sa-update.service ### Spamassassin Rules Updates ### # # http://wiki.apache.org/spamassassin/RuleUpdates # # sa-update automatically updates your rules once per day if a spam daemon like # spamd or amavisd are running. [Unit] Description=Spamassassin Rules Update Documentation=man:sa-update(1) [Service] # Note that the opposite of "yes" is the empty string, NOT "no" # Options for the actual sa-update command # These are added to the channel configuration from # /etc/mail/spamassassin/channel.d/*.conf Environment=OPTIONS=-v # Debug script - send mail even if no update available #Environment=DEBUG=yes # Send mail when updates successfully processed # Default: send mail only on error #Environment=NOTIFY_UPD=yes ExecStart=/usr/share/spamassassin/sa-update.cron SuccessExitStatus=1 On May 14, 2016, at 11:31 AM, Reindl Harald wrote: Am 14.05.2016 um 20:09 schrieb Bob Proulx: I see start-stop-daemon and so assume you are running either Debian or Ubuntu where the process runs as a non-root user. As can be seen the --chuid debian-spamd:debian-spamd option runs the process as a non-root user. But very commonly people manually run the download as root which then creates /var/lib/spamassassin as root. Once that happens the non-root debian-spamd is locked out. To restore permissions: chown -R debian-spamd:debian-spamd /var/lib/spamassassin And in the future avoid running it as root manually. With great power comes great responsibility. :-) you have the same problem on Fedora if your umask is sane the real fix would be make sure that folders / files have chmod 755/644 because you *do not* want run "sa-update" as the same user the daemon runs and so have write-permissions for the daemon a real clean and secuer setup needs a own user, in our case "sa-cleanup" which is also the only one with write permissions to bayes-samples and the spamd-service making sure permissions are sane so that the user spamd is uisng has read permissions ___ spamassassin.service PermissionsStartOnly=true User=sa-milt Group=sa-milt ExecStartPre=/usr/bin/chown -R sa-cleanup:root /var/lib/spamassassin/ ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type d -exec /bin/chmod 0755 "{}" \; ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type f -exec /bin/chmod 0644 "{}" \; ___ [root@mail-gw:~]$ systemctl status sa-update.service ? sa-update.service - Spamassassin Rules Update Loaded: loaded (/usr/lib/systemd/system/sa-update.service; static; vendor preset: disabled) Drop-In: /etc/systemd/system/sa-update.service.d ??update-user.conf Active: inactive (dead) since Sa 2016-05-14 01:58:47 CEST; 18h ago Docs: man:sa-update(1) Main PID: 9728 (code=exited, status=0/SUCCESS) ___ [root@mail-gw:~]$ cat /etc/systemd/system/sa-update.service.d/update-user.conf [Service] User=sa-cleanup Group=sa-milt [root@mail-gw: signature.asc Description: OpenPGP digital signature
Re: /etc/cron.daily/spamassassin - Update failed, exiting with code 4
Bob, the chown fixed the problem. Reindl, your answer seems to be describing a very different installation from 'sudo apt install spamassassin’. Am I correctly understanding the changes you are recommending? > On May 14, 2016, at 11:31 AM, Reindl Harald wrote: > > > > Am 14.05.2016 um 20:09 schrieb Bob Proulx: >> I see start-stop-daemon and so assume you are running either Debian or >> Ubuntu where the process runs as a non-root user. As can be seen the >> --chuid debian-spamd:debian-spamd option runs the process as a >> non-root user. But very commonly people manually run the download as >> root which then creates /var/lib/spamassassin as root. Once that >> happens the non-root debian-spamd is locked out. >> >> To restore permissions: >> >> chown -R debian-spamd:debian-spamd /var/lib/spamassassin >> >> And in the future avoid running it as root manually. With great power >> comes great responsibility. :-) > > you have the same problem on Fedora if your umask is sane > > the real fix would be make sure that folders / files have chmod 755/644 > because you *do not* want run "sa-update" as the same user the daemon runs > and so have write-permissions for the daemon > > a real clean and secuer setup needs a own user, in our case "sa-cleanup" > which is also the only one with write permissions to bayes-samples and the > spamd-service making sure permissions are sane so that the user spamd is > uisng has read permissions > ___ > > spamassassin.service > > PermissionsStartOnly=true > User=sa-milt > Group=sa-milt > ExecStartPre=/usr/bin/chown -R sa-cleanup:root /var/lib/spamassassin/ > ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type d -exec /bin/chmod > 0755 "{}" \; > ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type f -exec /bin/chmod > 0644 "{}" \; > ___ > > [root@mail-gw:~]$ systemctl status sa-update.service > ? sa-update.service - Spamassassin Rules Update > Loaded: loaded (/usr/lib/systemd/system/sa-update.service; static; vendor > preset: disabled) > Drop-In: /etc/systemd/system/sa-update.service.d > ??update-user.conf > Active: inactive (dead) since Sa 2016-05-14 01:58:47 CEST; 18h ago >Docs: man:sa-update(1) > Main PID: 9728 (code=exited, status=0/SUCCESS) > ___ > > [root@mail-gw:~]$ cat /etc/systemd/system/sa-update.service.d/update-user.conf > [Service] > User=sa-cleanup > Group=sa-milt > [root@mail-gw: >
Re: /etc/cron.daily/spamassassin - Update failed, exiting with code 4
Am 14.05.2016 um 20:09 schrieb Bob Proulx: I see start-stop-daemon and so assume you are running either Debian or Ubuntu where the process runs as a non-root user. As can be seen the --chuid debian-spamd:debian-spamd option runs the process as a non-root user. But very commonly people manually run the download as root which then creates /var/lib/spamassassin as root. Once that happens the non-root debian-spamd is locked out. To restore permissions: chown -R debian-spamd:debian-spamd /var/lib/spamassassin And in the future avoid running it as root manually. With great power comes great responsibility. :-) you have the same problem on Fedora if your umask is sane the real fix would be make sure that folders / files have chmod 755/644 because you *do not* want run "sa-update" as the same user the daemon runs and so have write-permissions for the daemon a real clean and secuer setup needs a own user, in our case "sa-cleanup" which is also the only one with write permissions to bayes-samples and the spamd-service making sure permissions are sane so that the user spamd is uisng has read permissions ___ spamassassin.service PermissionsStartOnly=true User=sa-milt Group=sa-milt ExecStartPre=/usr/bin/chown -R sa-cleanup:root /var/lib/spamassassin/ ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type d -exec /bin/chmod 0755 "{}" \; ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type f -exec /bin/chmod 0644 "{}" \; ___ [root@mail-gw:~]$ systemctl status sa-update.service ? sa-update.service - Spamassassin Rules Update Loaded: loaded (/usr/lib/systemd/system/sa-update.service; static; vendor preset: disabled) Drop-In: /etc/systemd/system/sa-update.service.d ??update-user.conf Active: inactive (dead) since Sa 2016-05-14 01:58:47 CEST; 18h ago Docs: man:sa-update(1) Main PID: 9728 (code=exited, status=0/SUCCESS) ___ [root@mail-gw:~]$ cat /etc/systemd/system/sa-update.service.d/update-user.conf [Service] User=sa-cleanup Group=sa-milt [root@mail-gw: signature.asc Description: OpenPGP digital signature
Re: /etc/cron.daily/spamassassin - Update failed, exiting with code 4
Bill Keenan wrote: > > > env -i LANG="$LANG" PATH="$PATH" start-stop-daemon \ > > > --chuid debian-spamd:debian-spamd --start \ > > > --exec /usr/bin/sa-update -- -v \ > > > --gpghomedir /var/lib/spamassassin/sa-update-keys 2>&1 > > RW wrote: > > 23 Write error. Curl couldn't write data to a local filesystem or > > similar. > > RW, thanks for looking up the cURL error. I was so focused on > googling, I failed to RTM. I don’t know why, but I have something to > focus my investigation on. I see start-stop-daemon and so assume you are running either Debian or Ubuntu where the process runs as a non-root user. As can be seen the --chuid debian-spamd:debian-spamd option runs the process as a non-root user. But very commonly people manually run the download as root which then creates /var/lib/spamassassin as root. Once that happens the non-root debian-spamd is locked out. To restore permissions: chown -R debian-spamd:debian-spamd /var/lib/spamassassin And in the future avoid running it as root manually. With great power comes great responsibility. :-) Bob
Re: /etc/cron.daily/spamassassin - Update failed, exiting with code 4
John, the errors I showed were from adding a -v to the /bin/sh and doing sudo spamassissin. RW, thanks for looking up the cURL error. I was so focused on googling, I failed to RTM. I don’t know why, but I have something to focus my investigation on. > On May 14, 2016, at 4:18 AM, RW wrote: > > On Fri, 13 May 2016 14:57:02 -0700 > Bill Keenan wrote: > >> Googling this turns up some speculation…are the 4 curls failing >> because of a mirror problem? Shame on me for not watching…I do not >> know when this error started to occur. If there is a fix, where is it >> documented? >> >> Bill >> >> SpamAssassin version 3.4.1 >> running on Perl version 5.20.2 >> >> # Update >> umask 022 >> env -i LANG="$LANG" PATH="$PATH" start-stop-daemon \ >> --chuid debian-spamd:debian-spamd --start \ >> --exec /usr/bin/sa-update -- -v \ >> --gpghomedir /var/lib/spamassassin/sa-update-keys 2>&1 >> Update available for channel updates.spamassassin.org: 1742071 -> >> 1743481 http: (curl) GET http://sa-update.secnap.net/1743481.tar.gz, >> FAILED, status: exit 23 http: (curl) GET >> http://www.sa-update.pccc.com/1743481.tar.gz, FAILED, status: exit 23 >> http: (curl) GET http://sa-update.space-pro.be/1743481.tar.gz, >> FAILED, status: exit 23 http: (curl) GET >> http://sa-update.dnswl.org/1743481.tar.gz, FAILED, status: exit 23 >> channel: could not find working mirror, channel failed Update failed, >> exiting with code 4 >> > > From the curl man page: > > 23 Write error. Curl couldn't write data to a local filesystem or > similar.
Re: /etc/cron.daily/spamassassin - Update failed, exiting with code 4
On Fri, 13 May 2016 14:57:02 -0700 Bill Keenan wrote: > Googling this turns up some speculation…are the 4 curls failing > because of a mirror problem? Shame on me for not watching…I do not > know when this error started to occur. If there is a fix, where is it > documented? > > Bill > > SpamAssassin version 3.4.1 > running on Perl version 5.20.2 > > # Update > umask 022 > env -i LANG="$LANG" PATH="$PATH" start-stop-daemon \ > --chuid debian-spamd:debian-spamd --start \ > --exec /usr/bin/sa-update -- -v \ > --gpghomedir /var/lib/spamassassin/sa-update-keys 2>&1 > Update available for channel updates.spamassassin.org: 1742071 -> > 1743481 http: (curl) GET http://sa-update.secnap.net/1743481.tar.gz, > FAILED, status: exit 23 http: (curl) GET > http://www.sa-update.pccc.com/1743481.tar.gz, FAILED, status: exit 23 > http: (curl) GET http://sa-update.space-pro.be/1743481.tar.gz, > FAILED, status: exit 23 http: (curl) GET > http://sa-update.dnswl.org/1743481.tar.gz, FAILED, status: exit 23 > channel: could not find working mirror, channel failed Update failed, > exiting with code 4 > From the curl man page: 23 Write error. Curl couldn't write data to a local filesystem or similar.
Re: /etc/cron.daily/spamassassin - Update failed, exiting with code 4
On Fri, 13 May 2016, Bill Keenan wrote: Googling this turns up some speculation…are the 4 curls failing because of a mirror problem? Shame on me for not watching…I do not know when this error started to occur. If there is a fix, where is it documented? Bill SpamAssassin version 3.4.1 running on Perl version 5.20.2 # Update umask 022 env -i LANG="$LANG" PATH="$PATH" start-stop-daemon \ --chuid debian-spamd:debian-spamd --start \ --exec /usr/bin/sa-update -- -v \ --gpghomedir /var/lib/spamassassin/sa-update-keys 2>&1 Update available for channel updates.spamassassin.org: 1742071 -> 1743481 http: (curl) GET http://sa-update.secnap.net/1743481.tar.gz, FAILED, status: exit 23 http: (curl) GET http://www.sa-update.pccc.com/1743481.tar.gz, FAILED, status: exit 23 http: (curl) GET http://sa-update.space-pro.be/1743481.tar.gz, FAILED, status: exit 23 http: (curl) GET http://sa-update.dnswl.org/1743481.tar.gz, FAILED, status: exit 23 channel: could not find working mirror, channel failed Update failed, exiting with code 4 ...what happens when you try to download that file interactively? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Justice is justice, whereas "social justice" is code for one set of rules for the rich, another for the poor; one set for whites, another set for minorities; one set for straight men, another for women and gays. In short, it's the opposite of actual justice. -- Burt Prelutsky --- 143 days since the first successful real return to launch site (SpaceX)
/etc/cron.daily/spamassassin - Update failed, exiting with code 4
Googling this turns up some speculation…are the 4 curls failing because of a mirror problem? Shame on me for not watching…I do not know when this error started to occur. If there is a fix, where is it documented? Bill SpamAssassin version 3.4.1 running on Perl version 5.20.2 # Update umask 022 env -i LANG="$LANG" PATH="$PATH" start-stop-daemon \ --chuid debian-spamd:debian-spamd --start \ --exec /usr/bin/sa-update -- -v \ --gpghomedir /var/lib/spamassassin/sa-update-keys 2>&1 Update available for channel updates.spamassassin.org: 1742071 -> 1743481 http: (curl) GET http://sa-update.secnap.net/1743481.tar.gz, FAILED, status: exit 23 http: (curl) GET http://www.sa-update.pccc.com/1743481.tar.gz, FAILED, status: exit 23 http: (curl) GET http://sa-update.space-pro.be/1743481.tar.gz, FAILED, status: exit 23 http: (curl) GET http://sa-update.dnswl.org/1743481.tar.gz, FAILED, status: exit 23 channel: could not find working mirror, channel failed Update failed, exiting with code 4