On 03/19/2010 08:53 PM, Jonathan Ryshpan wrote:
On Fri, 2010-03-19 at 14:39 -0700, Craig White wrote:
> On Fri, 2010-03-19 at 14:08 -0700, Jonathan Ryshpan wrote:
>
>> On Fri, 2010-03-19 at 15:02 -0500, Steven Stern wrote:
>>
>>> On 03/19/2010 02:52 PM, Jonathan Ryshpan wrote:
>>>
>>>> I have a little script to start fetchmail, which is activated in
>>>> rc.local. It runs perfectly when started from a root login; but it
>>>> fails when started from rc.local.
>>>>
>>>> Here is the info:
>>>> =========================== Scripts Start ===========================
>>>> $ more rc.local fetchmail-start
>>>> ::::::::::::::
>>>> rc.local
>>>> ::::::::::::::
>>>> #!/bin/sh
>>>> #
>>>> # This script will be executed *after* all the other init scripts.
>>>> # You can put your own initialization stuff in here if you don't
>>>> # want to do the full Sys V style init stuff.
>>>>
>>>> # Fork a script that will start fetchmail for jonrysh in a few seconds
>>>> /etc/rc.d/fetchmail-start
>>>>
>>>> touch /var/lock/subsys/local
>>>> ::::::::::::::
>>>> fetchmail-start
>>>> ::::::::::::::
>>>> #!/bin/sh
>>>> #
>>>> # Start fetchmail for jonrysh
>>>>
>>>> su jonrysh -c 'sleep 5; fetchmail'
>>>>
>>>> =========================== Messages Start ===========================
>>>> Fetchmail emits the following error message and fails:
>>>> fetchmail: open: /home/jonrysh/.fetchmailrc: Permission denied
>>>>
>>>> What's happening? How can it be fixed?
>>>>
>>
>>> The perms on /home/jonrysh/.fetchmailrc need to be 600, with ownership
>>> given to jonrysh:jonrysh
>>>
>> Everything is as you recommend. Note that the scheme works when invoked
>> from a command window running a shell as root, but not from the init
>> script.
>>
>>
>>> You could also start it without the su by adding it to your own crontab:
>>> @reboot sleep 30& fetchmail
>>>
>> Thanks, I'll try this. But I'd still like to know what's the reason for
>> the permission failure when running out of rc.local . SELinux issues?
>>
>>
> ----
> this works for me (in rc.local)...
>
> /bin/su - craig -c '/usr/bin/fetchmail'&
>
I tried it, and now things are worse than before. The startup script
now reads:

#!/bin/sh
#
# Start fetchmail for jonrysh
su - jonrysh -c 'sleep 5; fetchmail'

Now there's an additional error in boot.log:

...
Starting atd: [ OK ]
Error opening display!
fetchmail: open: /home/jonrysh/.fetchmailrc: Permission denied

The display did actually start OK after a short delay. It's a mystery
to me.

Thanks to all - jon

Check to see if there are SELinux AVC messages in /var/log/audit/audit.log
# grep fetchmail /var/log/audit/audit.log
Also instead of using su, use runuser (Same thing except runuser does
not use the pam stack.)
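
The audit-log check suggested in the last reply, as an added example that is not part of the original thread: a plain `grep fetchmail` also matches SYSCALL records, so this groups only the AVC denials for one command and shows the source and target contexts involved. The function names and all sample records are constructed for illustration; the contexts in them are placeholders, not values from the poster's system.

```shell
#!/bin/sh
# Added example: group SELinux AVC denials in an audit log by command name.

# Constructed sample records (not taken from the poster's system); the
# contexts and inode numbers are placeholders that show the record layout.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1269057180.123:45): avc:  denied  { read } for  pid=1234 comm="fetchmail" name=".fetchmailrc" dev=dm-0 ino=123456 scontext=system_u:system_r:fetchmail_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1269057180.123:45): arch=c000003e syscall=2 success=no exit=-13 comm="fetchmail" exe="/usr/bin/fetchmail"
type=AVC msg=audit(1269057185.456:46): avc:  denied  { read } for  pid=1240 comm="fetchmail" name=".fetchmailrc" dev=dm-0 ino=123456 scontext=system_u:system_r:fetchmail_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1269057190.789:47): avc:  denied  { write } for  pid=900 comm="ntpd" name="drift" dev=dm-0 ino=222 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

# avc_summary COMM < audit.log
# Prints one line per distinct denial: count, command, permission,
# file name, source context -> target context, object class.
avc_summary() {
    awk -v want="$1" '
    /type=AVC/ && /denied/ {
        comm = perm = name = src = tgt = cls = ""
        # The denied permission list sits between "{" and "}".
        a = index($0, "{"); b = index($0, "}")
        if (a && b > a) perm = substr($0, a + 1, b - a - 1)
        gsub(/^ +| +$/, "", perm)
        for (i = 1; i <= NF; i++) {
            p = index($i, "=")
            if (!p) continue
            k = substr($i, 1, p - 1); v = substr($i, p + 1)
            gsub(/"/, "", v)
            if (k == "comm") comm = v
            else if (k == "name") name = v
            else if (k == "scontext") src = v
            else if (k == "tcontext") tgt = v
            else if (k == "tclass") cls = v
        }
        if (comm != want) next
        key = comm " " perm " " name " " src " -> " tgt " " cls
        if (!(key in seen)) order[++total] = key
        seen[key]++
    }
    END { for (i = 1; i <= total; i++) print seen[order[i]], order[i] }
    '
}

sample_audit_log | avc_summary fetchmail
```

On a real system the input would be the audit log itself, read as root: `avc_summary fetchmail < /var/log/audit/audit.log`.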