Bugzilla – Bug 905673
Fetchmail cannot be customized as before
Last modified: 2019-06-05 14:40:11 UTC
I found that fetchmail is now integrated into systemd. That way, it has lost most of its ability of being customized. Up to openSUSE 13.1, there was a configuration file in /etc/sysconfig/fetchmail where one could set many parameters that cannot be configured in /etc/fetchmailrc, e.g.:

FETCHMAIL_POLLING_INTERVAL
FETCHMAIL_FETCHALL
FETCHMAIL_SILENT
FETCHMAIL_USER
FETCHMAIL_EXPERT_OPTIONS
FETCHMAIL_RC_PATH

While one can change that by editing /usr/lib/systemd/system/fetchmail.service, this is error-prone as that file would most probably get replaced by a future update of the package.

I think this is due to quick-and-dirty transformation of the service. At least some of the relevant options could be kept configurable with a version like this:

[Unit]
Description=A remote-mail retrieval utility
After=network.target

[Service]
Environment='FETCHMAIL_POLLING_INTERVAL=900' 'FETCHMAIL_RC_PATH=/etc/fetchmailrc' 'FETCHMAIL_USER=fetchmail'
EnvironmentFile=-/etc/sysconfig/fetchmail
User=$FETCHMAIL_USER
ExecStart=/usr/bin/fetchmail -d $FETCHMAIL_POLLING_INTERVAL $FETCHMAIL_EXPERT_OPTIONS -f $FETCHMAIL_RC_PATH
RestartSec=1

[Install]
WantedBy=multi-user.target

The SILENT and FETCHALL options can then be had by using "-s" and/or "-a" in FETCHMAIL_EXPERT_OPTIONS respectively.
P.S.: The $FETCHMAIL_USER in my example does not work, although it should.

P.P.S.: Should this be re-integrated, do not forget to supply a fitting /etc/sysconfig/fetchmail again.
I have done some further investigation but am yet to get a working solution; this may help someone on their way, though.

systemd doesn't support changing user from the environment, so the process must be launched as root and then use a script or su to change users. I was working on the following, however I have not been able to get it working:

[Unit]
Description=A remote-mail retrieval utility
After=network.target

[Service]
EnvironmentFile=-/etc/sysconfig/fetchmail
# User doesn't support environment variables
# User=fetchmail
Type=forking
# PID file so systemd can track
PIDFile=/run/fetchmail.pid
ExecStart=/usr/bin/su $FETCHMAIL_USER -c "/usr/bin/fetchmail --daemon --pidfile=/run/fetchmail.pid -d $FETCHMAIL_POLLING_INTERVAL $FETCHMAIL_EXPERT_OPTIONS -f $FETCHMAIL_RC_PATH"

[Install]
WantedBy=multi-user.target

If you do not care about setting the user from the /etc/sysconfig file, I did have the following working in my case, but it may need further testing.

[Unit]
Description=A remote-mail retrieval utility
After=network.target

[Service]
EnvironmentFile=-/etc/sysconfig/fetchmail
# User doesn't support environment variables
User=fetchmail
ExecStart=/usr/bin/fetchmail -d $FETCHMAIL_POLLING_INTERVAL $FETCHMAIL_EXPERT_OPTIONS -f $FETCHMAIL_RC_PATH

[Install]
WantedBy=multi-user.target
(In reply to Uwe Meyer-Gruhl from comment #0)
> While one can change that by editing
> /usr/lib/systemd/system/fetchmail.service, this is error-prone as that file
> would most probably get replaced by a future update of the package.

You are supposed to copy that file to /etc/systemd/system/fetchmail.service and make the changes there.

> I think this is due to quick-and-dirty transformation of the service. At
> least some of the relevant options could be kept configurable [...]

All except for changing the user, which is complicated and I will rather remove it in favor of changing the systemd service file.
This is an autogenerated message for OBS integration: This bug (905673) was mentioned in https://build.opensuse.org/request/show/386268 Factory / fetchmail
(In reply to Přemysl Janouch from comment #4)
> (In reply to Uwe Meyer-Gruhl from comment #0)
>
> > I think this is due to quick-and-dirty transformation of the service. At
> > least some of the relevant options could be kept configurable [...]
>
> All except for changing the user, which is complicated and I will rather
> remove it in favor of changing the systemd service file.

But that is the key point, because it is security-relevant. If there was a bug in fetchmail that could be triggered by ill-formed mail or header contents, one would not like to have a privilege escalation to root. Fetchmail itself even barks: "fetchmail: WARNING: Running as root is discouraged." when started as root in daemon mode.

The ability to configure the user was there in case there were any problems with an MDA in non-root mode in the first place.

IMHO, without the ability to configure a nonprivileged user, the section to add a "fetchmail" daemon user in the fetchmail.spec file is pointless, too.
(In reply to Uwe Meyer-Gruhl from comment #6)
> [...]

The default (that cannot be changed with sysconfig now) is _not_ running as root.
(In reply to Přemysl Janouch from comment #7)
> (In reply to Uwe Meyer-Gruhl from comment #6)
> > [...]
>
> The default (that cannot be changed with sysconfig now) is _not_ running as
> root.

Oh, I see. It is User=fetchmail by default in the fetchmail.service file (it's been a while since I looked into it). So all we lose is the flexibility - that is O.K.
This is an autogenerated message for OBS integration: This bug (905673) was mentioned in https://build.opensuse.org/request/show/386298 Factory / fetchmail
Submitted for 13.2, Leap, SLE12, closing.
This is an autogenerated message for OBS integration: This bug (905673) was mentioned in https://build.opensuse.org/request/show/390830 13.2 / fetchmail https://build.opensuse.org/request/show/390831 42.1 / fetchmail
(In reply to Přemysl Janouch from comment #4)
> (In reply to Uwe Meyer-Gruhl from comment #0)
> > While one can change that by editing
> > /usr/lib/systemd/system/fetchmail.service, this is error-prone as that file
> > would most probably get replaced by a future update of the package.
>
> You are supposed to copy that file to /etc/systemd/system/fetchmail.service
> and make the changes there.

For completeness - or create /etc/systemd/system/fetchmail.service.d/ and place your overrides/changes in a file there.
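An added example, not part of any comment in this report and not taken from the openSUSE package: a shell check that resolves which User= a unit ends up with once drop-ins are applied, covering both the non-root concern and the drop-in directory discussed above. The packaged unit written by demo is a constructed stand-in (its 600-second interval and the override.conf file name are assumptions); the variable names and the 900-second default come from comment #0.

```shell
#!/bin/sh
# Added example. Resolves the User= a unit ends up with after drop-ins and
# rejects values that leave fetchmail running as root.

# Last User= in the unit file, then in DROPIN_DIR/*.conf (lexical order);
# later assignments win. Commented-out lines are ignored.
effective_user() {
    unit=$1; dropin_dir=$2
    set -- "$unit"
    for f in "$dropin_dir"/*.conf; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    sed -n 's/^[[:space:]]*User=[[:space:]]*//p' "$@" | tail -n 1
}

# Return 0 only for a literal, unprivileged user name.
check_user() {
    user=$(effective_user "$1" "$2")
    case $user in
        '')     echo "FAIL: no User=, service runs as root"; return 1 ;;
        *'$'*)  echo "FAIL: User=$user, systemd does not expand variables here"; return 1 ;;
        root|0) echo "FAIL: User=$user runs fetchmail as root"; return 1 ;;
        *)      echo "OK: service runs as $user" ;;
    esac
}

# Constructed sample: stand-in packaged unit plus a drop-in that restores the
# sysconfig-driven options without touching User=.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/fetchmail.service.d"
    printf '%s\n' '[Service]' 'User=fetchmail' \
        'ExecStart=/usr/bin/fetchmail -d 600 -f /etc/fetchmailrc' > "$d/fetchmail.service"
    cat > "$d/fetchmail.service.d/override.conf" <<'EOF'
[Service]
Environment=FETCHMAIL_POLLING_INTERVAL=900 FETCHMAIL_RC_PATH=/etc/fetchmailrc
EnvironmentFile=-/etc/sysconfig/fetchmail
# An empty ExecStart= clears the packaged command before replacing it.
ExecStart=
ExecStart=/usr/bin/fetchmail -d $FETCHMAIL_POLLING_INTERVAL $FETCHMAIL_EXPERT_OPTIONS -f $FETCHMAIL_RC_PATH
EOF
    if check_user "$d/fetchmail.service" "$d/fetchmail.service.d"; then rc=0; else rc=1; fi
    rm -rf "$d"
    return $rc
}

demo
```

The check reads files only; on a live system, point it at /usr/lib/systemd/system/fetchmail.service and /etc/systemd/system/fetchmail.service.d.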
openSUSE-RU-2016:1184-1: An update that has two recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 905673,959682
CVE References:
Sources used:
openSUSE 13.2 (src): fetchmail-6.3.26-6.3.1
openSUSE-RU-2016:1185-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 905673
CVE References:
Sources used:
openSUSE Leap 42.1 (src): fetchmail-6.3.26-14.1
*** Bug 979346 has been marked as a duplicate of this bug. ***
SUSE-RU-2016:1284-1: An update that has two recommended fixes can now be installed.

Category: recommended (low)
Bug References: 905673,959682
CVE References:
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src): fetchmail-6.3.26-9.1
SUSE Linux Enterprise Server 12 (src): fetchmail-6.3.26-9.1
SUSE Linux Enterprise Desktop 12-SP1 (src): fetchmail-6.3.26-9.1
SUSE Linux Enterprise Desktop 12 (src): fetchmail-6.3.26-9.1
*** Bug 932163 has been marked as a duplicate of this bug. ***