[horde] [whups]: error on script pipe in postfix
Jan Schneider
jan at horde.org
Sun Mar 11 20:05:44 UTC 2018
Quoting Carsten <horde-groupware at familie-lahme.de>:
> On 11.03.2018 at 13:07, Carsten wrote:
>>
>>
>> On 11.03.2018 at 12:35, Carsten wrote:
>>>
>>>
>>> On 10.03.2018 at 21:00, Jan Schneider wrote:
>>>>
>>>> Quoting Carsten <horde-groupware at familie-lahme.de>:
>>>>
>>>>> On 10.03.2018 at 11:20, Jan Schneider wrote:
>>>>>>
>>>>>> Quoting Carsten <horde-groupware at familie-lahme.de>:
>>>>>>
>>>>>>> On 09.03.2018 at 11:38, Jan Schneider wrote:
>>>>>>>>
>>>>>>>> Quoting Carsten <horde-groupware at familie-lahme.de>:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> I try to set up whups with automated ticket generation from mails.
>>>>>>>>>
>>>>>>>>> my postfix sends the incoming mail to the pipe, but returns
>>>>>>>>> such an error:
>>>>>>>>>
>>>>>>>>> Mar 8 12:40:38 derdapp004 postfix/local[30799]: 04C7040C4C:
>>>>>>>>> to=<whups at localhost>, orig_to=<whups@[mydn.tdl]>,
>>>>>>>>> relay=local, delay=0.58, delays=0.09/0.04/0/0.45, dsn=5.3.0,
>>>>>>>>> status=bounced (Command died with status 255:
>>>>>>>>> "/usr/bin/whups-mail-filter -g". Command output: PHP
>>>>>>>>> Warning:
>>>>>>>>> require_once(/usr/share/php/www/horde/whups/lib/Application.php):
>>>>>>>>> failed to open stream: No such file or directory in
>>>>>>>>> /usr/bin/whups-mail-filter on line 73 PHP Fatal error:
>>>>>>>>> require_once(): Failed opening required
>>>>>>>>> '/usr/share/php/www/horde/whups/lib/Application.php'
>>>>>>>>> (include_path='.:/usr/share/php:/usr/share/pear') in
>>>>>>>>> /usr/bin/whups-mail-filter on line 73 )
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> If I pipe with the local user (root) from the command line,
>>>>>>>>> it works perfectly.
>>>>>>>>> I guess it is about a missing environment o.s.
>>>>>>>>>
>>>>>>>>> Can somebody advise, pls?
>>>>>>>>>
>>>>>>>>> br
>>>>>>>>> Carsten
>>>>>>>>
>>>>>>>> You have set the horde_dir configuration setting in PEAR only
>>>>>>>> for the user that installed Horde, not for the user that runs
>>>>>>>> the pipe. Either use the same user for both (web server user
>>>>>>>> is always a good choice), or set the PEAR configuration for
>>>>>>>> the other user too, or set the configuration globally:
>>>>>>>> $ pear config-set -c horde horde_dir /real/path/to/horde
>>>>>>>> $ pear config-set -c horde horde_dir /real/path/to/horde system
>>>>>>>>
>>>>>>>
>>>>>>> Hmm... ok, I see.
>>>>>>> Let's check:
>>>>>>> that's the user, I installed horde with:
>>>>>>> root at derdapp004 /etc/postfix # pear config-show -c horde|grep
>>>>>>> -i horde_dir
>>>>>>> Base Horde directory horde_dir /var/www/horde
>>>>>>>
>>>>>>> This is the user, the apache2 is running:
>>>>>>> root at derdapp004 /etc/postfix # sudo -u www-data pear
>>>>>>> config-show -c horde|grep -i horde_dir
>>>>>>> Base Horde directory horde_dir /usr/share/php/www/horde
>>>>>>>
>>>>>>> And that's the postfix user:
>>>>>>> root at derdapp004 /etc/postfix # sudo -u postfix pear
>>>>>>> config-show -c horde|grep -i horde_dir
>>>>>>> Base Horde directory horde_dir /usr/share/php/www/horde
>>>>>>>
>>>>>>>
>>>>>>> ok. just to verify, the issue is still persistent, one test
>>>>>>> before the configuration change:
>>>>>>> ##############
>>>>>>> Mar 9 16:56:59 derdapp004 postfix/local[15222]: 117514085F:
>>>>>>> to=<whups at localhost>, orig_to=<whups@[mydn.tld]>, relay=local,
>>>>>>> delay=0.57, delays=0.08/0.04/0/0.46, dsn=5.3.0, status=bounced
>>>>>>> (Command died with status 255: "/usr/bin/whups-mail-filter
>>>>>>> -g". Command output: PHP Warning:
>>>>>>> require_once(/whups/lib/Application.php): failed to open
>>>>>>> stream: No such file or directory in
>>>>>>> /usr/bin/whups-mail-filter on line 73 PHP Fatal error:
>>>>>>> require_once(): Failed opening required
>>>>>>> '/whups/lib/Application.php'
>>>>>>> (include_path='.:/usr/share/php:/usr/share/pear') in
>>>>>>> /usr/bin/whups-mail-filter on line 73 )
>>>>>>> ################
>>>>>>>
>>>>>>>
>>>>>>> Now I configure postfix for the dir, as root has it set:
>>>>>>> root at derdapp004 /etc/postfix # sudo -u postfix pear config-set
>>>>>>> -c horde horde_dir /var/www/horde
>>>>>>> config-set (horde_dir, /var/www/horde, user) failed, channel
>>>>>>> pear.horde.org
>>>>>>>
>>>>>>> uups... ?!?
>>>>>>> With that knowledge I searched the all-knowing-heapdump again
>>>>>>> and found other horde users having that issue - which is a
>>>>>>> pear issue, not a horde issue.
>>>>>>> Daemon users do not have an interactive profile, so You !_have_!
>>>>>>> to set it system wide from my point of view.
>>>>>>>
>>>>>>> root at derdapp004 /home # pear config-set -c horde horde_dir
>>>>>>> /var/www/horde system
>>>>>>> config-set succeeded
>>>>>>>
>>>>>>> And again, we test:
>>>>>>> ##########################
>>>>>>> Mar 9 16:59:54 derdapp004 postfix/local[15508]: 4CC8340861:
>>>>>>> to=<whups at localhost>, orig_to=<whups@[mydn.tld]>, relay=local,
>>>>>>> delay=1, delays=0.06/0.03/0/0.95, dsn=5.3.0, status=bounced
>>>>>>> (Command died with status 1: "/usr/bin/whups-mail-filter -g".
>>>>>>> Command output: Fatal Error: No such backend "" found In
>>>>>>> /var/www/horde/whups/lib/Factory/Driver.php on line 46 1.
>>>>>>> Horde_Registry::appInit()
>>>>>>> /usr/bin/whups-mail-filter:74 2.
>>>>>>> Horde_Registry->pushApp()
>>>>>>> /usr/share/php/Horde/Registry.php:299 3.
>>>>>>> Horde_Registry->_pushAppError()
>>>>>>> /usr/share/php/Horde/Registry.php:1640 4.
>>>>>>> Horde_Registry::appInit() /usr/bin/whups-mail-filter:74 5.
>>>>>>> Horde_Registry->pushApp()
>>>>>>> /usr/share/php/Horde/Registry.php:299 6.
>>>>>>> Horde_Registry->callAppMethod()
>>>>>>> /usr/share/php/Horde/Registry.php:1635 7.
>>>>>>> call_user_func_array() /usr/share/php/Horde/Registry.php:1197
>>>>>>> 8. Horde_Registry_Application->init() 9.
>>>>>>> Whups_Application->_init()
>>>>>>> /usr/share/php/Horde/Registry/Application.php:117 10.
>>>>>>> Whups_Factory_Driver->create()
>>>>>>> /var/www/horde/whups/lib/Application.php:49 )
>>>>>>>
>>>>>>> ##########################
>>>>>>>
>>>>>>> Here is my test mail for better debugging:
>>>>>>>
>>>>>>> ##########################
>>>>>>> root at derdapp001 ~ # sendmail whups@[mydn.tld]
>>>>>>> subject: Monitoring: test ticket
>>>>>>> data
>>>>>>> Hello World
>>>>>>> [CTRL]+d
>>>>>>> ##########################
>>>>>>>
>>>>>>> Let's give it a try on the local command line as postfix user:
>>>>>>> We create a little script:
>>>>>>> #################################
>>>>>>> 1 root at derdapp004 /tmp # cat testmail :(
>>>>>>> #!/bin/bash
>>>>>>> clear;
>>>>>>> echo "Hi, my name is $(whoami)";
>>>>>>> echo "from: root at derdapp001.[mydn.tld] _
>>>>>>> to: whups@[mydn.tld] _
>>>>>>> subject: Monitoring: test alert _
>>>>>>> _
>>>>>>> hallo welt _
>>>>>>> _
>>>>>>> "|whups-mail-filter -g -q monitoring;
>>>>>>> ######################################
>>>>>>>
>>>>>>> now we fire it as postfix:
>>>>>>> ####################################
>>>>>>> root at derdapp004 /tmp # sudo -u postfix /tmp/testmail
>>>>>>> [clearscreen]
>>>>>>> Hi, my name is postfix
>>>>>>>
>>>>>>> Message from syslogd at derdapp004 at Mar 9 17:28:18 ...
>>>>>>> HORDE: No such backend "" found [pid 17708 on line 1679 of
>>>>>>> "/usr/share/php/Horde/Registry.php"]
>>>>>>>
>>>>>>> Fatal Error:
>>>>>>> No such backend "" found
>>>>>>> In /var/www/horde/whups/lib/Factory/Driver.php on line 46
>>>>>>>
>>>>>>> 1. Horde_Registry::appInit() /usr/bin/whups-mail-filter:74
>>>>>>> 2. Horde_Registry->pushApp() /usr/share/php/Horde/Registry.php:299
>>>>>>> 3. Horde_Registry->_pushAppError()
>>>>>>> /usr/share/php/Horde/Registry.php:1640
>>>>>>> 4. Horde_Registry::appInit() /usr/bin/whups-mail-filter:74
>>>>>>> 5. Horde_Registry->pushApp() /usr/share/php/Horde/Registry.php:299
>>>>>>> 6. Horde_Registry->callAppMethod()
>>>>>>> /usr/share/php/Horde/Registry.php:1635
>>>>>>> 7. call_user_func_array() /usr/share/php/Horde/Registry.php:1197
>>>>>>> 8. Horde_Registry_Application->init()
>>>>>>> 9. Whups_Application->_init()
>>>>>>> /usr/share/php/Horde/Registry/Application.php:117
>>>>>>> 10. Whups_Factory_Driver->create()
>>>>>>> /var/www/horde/whups/lib/Application.php:49
>>>>>>> ###################################
>>>>>>>
>>>>>>> Ok, give it a try on the root user:
>>>>>>>
>>>>>>> #######################################
>>>>>>> root at derdapp004 /tmp # ./testmail
>>>>>>> [clearscreen]
>>>>>>>
>>>>>>> Hi, my name is root
>>>>>>> Usage: whups-mail-filter [options]
>>>>>>>
>>>>>>> [bla bla bla]
>>>>>>>
>>>>>>> Fatal Error:
>>>>>>> --queue-name or --queue-id must specify a valid and public queue.
>>>>>>> Available queues:
>>>>>>>
>>>>>>> 1. Horde_Cli->fatal() /usr/bin/whups-mail-filter:169
>>>>>>>
>>>>>>> ##########################################################
>>>>>>>
>>>>>>> WTF?!?!?
>>>>>>>
>>>>>>> Revert system pear setting:
>>>>>>> ####################################
>>>>>>> root at derdapp004 /tmp # pear config-set -c horde horde_dir '' system
>>>>>>> config-set succeeded
>>>>>>> ######################################
>>>>>>> again, local root test:
>>>>>>>
>>>>>>> #############################
>>>>>>> root at derdapp004 /tmp # ./testmail
>>>>>>> [clearscreen]
>>>>>>>
>>>>>>> [bla bla bla]
>>>>>>>
>>>>>>> Fatal Error:
>>>>>>> --queue-name or --queue-id must specify a valid and public queue.
>>>>>>> Available queues:
>>>>>>>
>>>>>>> 1. Horde_Cli->fatal() /usr/bin/whups-mail-filter:169
>>>>>>>
>>>>>>> ###################################
>>>>>>>
>>>>>>> ok, last try, we check with the www-data:
>>>>>>>
>>>>>>> ##############################
>>>>>>> root at derdapp004 ~www # sudo -u www-data /tmp/testmail
>>>>>>> [clearscreen]
>>>>>>>
>>>>>>> Hi, my name is www-data
>>>>>>> root at derdapp004 ~www #
>>>>>>> ##############################
>>>>>>>
>>>>>>>
>>>>>>> Well... ok, what is now going on.
>>>>>>> Permission check on queue has been done.
>>>>>>> Full rights for guest (tuned up during debugging).
>>>>>>> So what is wrong here?
>>>>>>>
>>>>>>> *confused*
>>>>>>>
>>>>>>> Carsten
>>>>>>
>>>>>> Two things to rule out:
>>>>>>
>>>>>> - Use -Q instead of -q
>>>>>> - Try using -a
>>>>>>
>>>>> Hi,
>>>>> ok, changed the script like this:
>>>>> #################################
>>>>> root at derdapp004 /tmp # cat testmail :(
>>>>> #!/bin/bash
>>>>> clear;
>>>>> echo "Hi, my name is $(whoami)";
>>>>> echo "from: root at derdapp001.[mydn.tld] _
>>>>> to: whups@[mydn.tld] _
>>>>> subject: Monitoring: test alert _
>>>>> _
>>>>> hallo welt _
>>>>> _
>>>>> "|whups-mail-filter -g -Q 5 -a carsten@[mydn.tld];
>>>>> ###################################
>>>>> Check root user: OK
>>>>> Check www-data: OK
>>>>> Check postfix: failed
>>>>> ###############################
>>>>> Hi, my name is postfix
>>>>> PHP Warning:
>>>>> require_once(/var/www/horde/whups/lib/Application.php): failed
>>>>> to open stream: Permission denied in /usr/bin/whups-mail-filter
>>>>> on line 73
>>>>> PHP Fatal error: require_once(): Failed opening required
>>>>> '/var/www/horde/whups/lib/Application.php'
>>>>> (include_path='.:/usr/share/php:/usr/share/pear') in
>>>>> /usr/bin/whups-mail-filter on line 73
>>>>> ###############################
>>>>>
>>>>> Can You specify which files to check for permission settings?
>>>>> At the moment I have 744 on all directories at /var/www/horde
>>>>> and 745 on all files in the structure - I know, a little insecure,
>>>>> but it's debugging time ;-)
>>>>>
>>>>> br
>>>>> Carsten
>>>>
>>>> /var/www/horde/whups/lib/Application.php is the file that cannot
>>>> be opened due to permission problems.
>>>>
>>> Checked file permissions. As described above:
>>>
>>> ###################
>>> #
>>> root at derdapp004 ~www/horde/whups/lib # pwd
>>> /var/www/horde/whups/lib
>>> root at derdapp004 ~www/horde/whups/lib # ll Application.php
>>> -rwxr--r-x 1 www-data root 9169 Mar 7 11:33 Application.php
>>> ##
>>> ##################
>>>
>>> Let's check, what would be the output of a call of that file:
>>>
>>> #################
>>> ##
>>> root at derdapp004 ~www/horde/whups/lib # php -f Application.php
>>> root at derdapp004 ~www/horde/whups/lib #
>>> ##
>>> #################
>>>
>>> Now with postfix:
>>>
>>> #################
>>> ##
>>> root at derdapp004 ~www/horde # sudo -u postfix php -f
>>> /var/www/horde/whups/lib/Application.php
>>> Could not open input file: /var/www/horde/whups/lib/Application.php
>>> #
>>> ##################
>>>
>>> Now I did a more intense check of the permissions, using
>>>
>>> ##############
>>> ##
>>> root at derdapp004 ~www/horde/whups/lib # sudo -u postfix ls
>>> /var/www/horde/whups/lib
>>> ls: cannot access /var/www/horde/whups/lib: Permission denied
>>> root at derdapp004 ~www/horde/whups/lib # cd /var/www/horde
>>> root at derdapp004 ~www/horde # ll
>>> total 136
>>> [...snipp...]
>>> drwxr--r-- 13 www-data root 4096 Mar 7 11:33 whups
>>> ##
>>> ##############
>>>
>>> and bingo, a thing, I will never understand in the LX permission
>>> context: You need execute to enter a directory
>>> Thinking about RBAC I solved it with this:
>>> 1st: create a group "www-horde"
>>> 2nd: put user postfix into that group
>>> 3rd: do a "chown -R www-data:www-horde /var/www/horde"
>>> 4th: do a "chmod -R 750 /var/www/horde"
>>> 5th: do another test:
>>>
>>> #################
>>> ##
>>> root at derdapp004 ~www/horde # sudo -u postfix /tmp/testmail
>>> [clearscreen]
>>> Hi, my name is postfix
>>> root at derdapp004 ~www/horde #
>>> ##
>>> #################
>>>
>>> Ticket created!! And now: be happy.... ;-)
>>>
>>> Thanks for your patience and help!!
>>>
>>> br
>>> Carsten
>>
>> ok, back, where we have started. I've forgotten the test using the mail:
>> #######################
>> ##
>>
>> <whups at localhost> (expanded from <whups@[mydn.tld]>): Command died with
>> status 255: "/usr/bin/whups-mail-filter -g -a carsten@[mydn.tld] -Q
>> 5". Command output: PHP Warning:
>> require_once(/var/www/horde/whups/lib/Application.php): failed to open
>> stream: Permission denied in /usr/bin/whups-mail-filter on line 73 PHP
>> Fatal error: require_once(): Failed opening required
>> '/var/www/horde/whups/lib/Application.php'
>> (include_path='.:/usr/share/php:/usr/share/pear') in
>> /usr/bin/whups-mail-filter on line 73
>>
>> ##
>> #######################
>>
>> *nasty curses*
>>
>> What else have I missed?
>>
>> br
>> Carsten
>
> I did some more research and found that:
> "...
> postfix/main.cf
> default_privs (default: nobody)
> The default rights used by the local(8) delivery agent for delivery
> to external file or command. These rights are used when delivery is
> requested from an aliases(5) file that is owned by root, or when
> delivery is done on behalf of root. DO NOT SPECIFY A PRIVILEGED USER
> OR THE POSTFIX OWNER.
> ..."
>
> I added two lines to the whups-mail-filter like that:
> "...
> <?php
> $shellex = shell_exec("logger INFO $(whoami)");
> echo $shellex;
> ..."
>
> Which returned this in the syslog:
> "..
> Mar 11 13:25:58 derdapp004 logger: INFO nobody
> ..."
>
> So, we are back to the permissions.
>
> 1st: create a new user "postfix-pipe"
> 2nd: add it to the group "www-horde".
> 3rd: add "default_privs = postfix-pipe" to the main.cf
> 4th: do a postmap main.cf and a postfix reload
> 5th: do a command line check:
> ##############################
> ##
> root at derdapp004 /etc # sudo -u postfix-pipe php -f
> /var/www/horde/whups/lib/Application.php
> root at derdapp004 /etc #
> ##
> ##############################
> => works!
>
> 6th: do a mail check:
> "...
> Mar 11 13:54:39 derdapp004 logger: INFO postfix-pipe
> Mar 11 13:54:40 derdapp004 postfix/local[32191]: A2D55415CC:
> to=<whups at localhost>, orig_to=<whups@[mydn.tld]>, relay=local,
> delay=0.61, delays=0.08/0.04/0/0.5, dsn=5.3.0, status=bounced
> (Command died with status 255: "/usr/bin/whups-mail-filter -g -a
> carsten@[mydn.tld] -Q 5". Command output: PHP Warning:
> require_once(/var/www/horde/whups/lib/Application.php): failed to
> open stream: Permission denied in /usr/bin/whups-mail-filter on line
> 76 PHP Fatal error: require_once(): Failed opening required
> '/var/www/horde/whups/lib/Application.php'
> (include_path='.:/usr/share/php:/usr/share/pear') in
> /usr/bin/whups-mail-filter on line 76 )
> ..."
> => FAILS!!
>
> now I am totally off.......
Did you check the permissions of all parent directories too?
--
Jan Schneider
The Horde Project
https://www.horde.org/
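
Added example, not part of the original thread: a shell function that walks every component of a path and reports the first one that a given uid and gid set cannot pass, which is the check the question about parent directories asks for. The function name `check_path` and its arguments are hypothetical; it evaluates mode bits only (no ACLs), assumes GNU `stat`, and should be run as root so every component can be inspected.

```shell
#!/bin/sh
# Added example (not from the thread): find the first path component that a
# given uid/gid set cannot pass. Mode bits only; ACLs and root's override are
# ignored. Pass the gids the delivery process really runs with.
#
# usage: check_path PATH UID "GID ..." [START]
#   START is a prefix assumed traversable; the walk begins below it.
check_path() {
    target=$1; uid=$2; gids=$3; cur=${4:-}
    rest=${target#"$cur"}; rest=${rest#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        if [ -z "$part" ]; then continue; fi
        cur="$cur/$part"
        info=$(stat -c '%a %u %g' "$cur" 2>/dev/null) || {
            echo "missing: $cur"; return 2; }
        set -- $info
        perm=$((0$1)); owner=$2; group=$3
        # Exactly one class applies: owner, else group, else other.
        shift_by=0
        for g in $gids; do
            if [ "$g" = "$group" ]; then shift_by=3; fi
        done
        if [ "$uid" = "$owner" ]; then shift_by=6; fi
        bits=$(( (perm >> shift_by) & 7 ))
        # Directories need search (x=1); the final file needs read (r=4).
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ $(( bits & need )) -eq 0 ]; then
            echo "blocked: $cur (mode $1, owner $owner:$group)"
            return 1
        fi
    done
    echo "ok: $target"
}

# Stand-alone use: sh check_path.sh /path/to/file UID "GID ..."
if [ "$#" -ge 3 ]; then check_path "$@"; fi
```

For a manual look at the same per-component modes, `namei -l /var/www/horde/whups/lib/Application.php` lists owner, group and mode of each directory on the way to the file.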