Pkg exim4 users - Mar 2010 - exim4 not starting by default in lenny

Hello,

I installed the exim4 package under debian lenny, but the daemon
doesn''t
start. In /var/log/mail.err, I can find following:

Mar  15 21:30:07 ... exim[11948]: 2010-03-15 21:30:07 exim 4.69 daemon 
started: pid=11948, -q30m, listening for SMTP on [127.0.0.1]:25
Mar  15 21:30:07 ... exim[11948]: 2010-03-15 21:30:07 Cannot open main 
log file "/var/log/exim4/mainlog": Permission denied: euid=102
egid=107
Mar  15 21:30:07 ... exim[11948]: exim: could not open panic log - 
aborting: see message(s) above

So I checked the access to /var/log/exim4/mainlog and I found that
/var/log is not accessible for the Debian-exim user (in fact to anyone
who isn''t root or isn''t a member of the root group).

 > ls -ld /var/log
drwxr-x--- 7 root root 3072 Mar 16 20:25 /var/log/

This problem can be solved by setting the permissions to 755 to 
/var/log, but I suppose the access is prohibited because of security
reasons. So I changed the ownership of var log to root:adm

 > chown root:adm /var/log

and added the user Debian-exim to the adm group:

 > usermod -G adm Debian-exim

After that exim4 started without problems.

Shouldn''t the default configuration of exim4 be such so that this
server
starts under lenny after it is configured by running dpkg-reconfigure 
exim4-config? This problem seems quite strange to me to occur in the 
stable distibution.

Thanks,

Lukas

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 16/03/2010 15:43, Lukas Baxa a ?crit :
> Hello,
Hi,
> I installed the exim4 package under debian lenny, but the daemon
doesn''t
> start. In /var/log/mail.err, I can find following:
> 
> Mar  15 21:30:07 ... exim[11948]: 2010-03-15 21:30:07 exim 4.69 daemon
> started: pid=11948, -q30m, listening for SMTP on [127.0.0.1]:25
> Mar  15 21:30:07 ... exim[11948]: 2010-03-15 21:30:07 Cannot open main
> log file "/var/log/exim4/mainlog": Permission denied: euid=102
egid=107
> Mar  15 21:30:07 ... exim[11948]: exim: could not open panic log -
> aborting: see message(s) above
> 
> So I checked the access to /var/log/exim4/mainlog and I found that
> /var/log is not accessible for the Debian-exim user (in fact to anyone
> who isn''t root or isn''t a member of the root group).
/var/log/exim4 on the other hand, should be writable :

$ ls -la /var/log
[...]
drwxr-xr-x 20 root          root             4096 mars 16 08:47 .
drwxr-s---  2 Debian-exim   adm              4096 mars 16 07:03 exim4

(It wad created as it is by the package install on a debian Lenny).

Cheers

David

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkugsBwACgkQ18/WetbTC/rhSgCfVTrvYNj31kZCkVqhbXiY/Ux/
HpAAn360L7LwZBacsDJVssqBIeifjtyU
=t+jK
-----END PGP SIGNATURE-----

On Tue, Mar 16, 2010 at 08:43:11PM +0100, Lukas Baxa
wrote:
> I installed the exim4 package under debian lenny, but the daemon
doesn''t
> start. In /var/log/mail.err, I can find following:
>
> Mar  15 21:30:07 ... exim[11948]: 2010-03-15 21:30:07 exim 4.69 daemon  
> started: pid=11948, -q30m, listening for SMTP on [127.0.0.1]:25
> Mar  15 21:30:07 ... exim[11948]: 2010-03-15 21:30:07 Cannot open main  
> log file "/var/log/exim4/mainlog": Permission denied: euid=102
egid=107
> Mar  15 21:30:07 ... exim[11948]: exim: could not open panic log -  
> aborting: see message(s) above
>
> So I checked the access to /var/log/exim4/mainlog and I found that
> /var/log is not accessible for the Debian-exim user (in fact to anyone
> who isn''t root or isn''t a member of the root group).
>
> > ls -ld /var/log
> drwxr-x--- 7 root root 3072 Mar 16 20:25 /var/log/
>
> This problem can be solved by setting the permissions to 755 to  
> /var/log, but I suppose the access is prohibited because of security
> reasons. So I changed the ownership of var log to root:adm
>
> > chown root:adm /var/log
>
> and added the user Debian-exim to the adm group:
>
> > usermod -G adm Debian-exim
Bad Idea.

I don''t know what went wrong on your system, this is how the
permissions are supposed to look like:

drwxr-xr-x 47 root        root  32K 17. M?r 07:39 /var/log/
drwxr-s---  2 Debian-exim adm  4,0K 13. M?r 13:20 /var/log/exim4/
-rw-r-----  1 Debian-exim adm  3,9M 17. M?r 14:37 /var/log/exim4/mainlog
-rw-r-----  1 Debian-exim adm     0 17. M?r 08:34 /var/log/exim4/paniclog

exim works fine that way.
> Shouldn''t the default configuration of exim4 be such so that this
server
> starts under lenny after it is configured by running dpkg-reconfigure  
> exim4-config
It is, and exim works fine. In all cases I know. There have been rare
reports of botched up permissions after installation, but I am much
less than convinced that this is caused by the exim package.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

Hi,

David Pr?vot wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Le 16/03/2010 15:43, Lukas Baxa a ?crit :
>> Hello,
> 
> Hi,
> 
>> I installed the exim4 package under debian lenny, but the daemon
doesn''t
>> start. In /var/log/mail.err, I can find following:
>>
>> Mar  15 21:30:07 ... exim[11948]: 2010-03-15 21:30:07 exim 4.69 daemon
>> started: pid=11948, -q30m, listening for SMTP on [127.0.0.1]:25
>> Mar  15 21:30:07 ... exim[11948]: 2010-03-15 21:30:07 Cannot open main
>> log file "/var/log/exim4/mainlog": Permission denied:
euid=102 egid=107
>> Mar  15 21:30:07 ... exim[11948]: exim: could not open panic log -
>> aborting: see message(s) above
>>
>> So I checked the access to /var/log/exim4/mainlog and I found that
>> /var/log is not accessible for the Debian-exim user (in fact to anyone
>> who isn''t root or isn''t a member of the root group).
> 
> /var/log/exim4 on the other hand, should be writable :
> 
> $ ls -la /var/log
> [...]
> drwxr-xr-x 20 root          root             4096 mars 16 08:47 .
> drwxr-s---  2 Debian-exim   adm              4096 mars 16 07:03 exim4
> 
> (It wad created as it is by the package install on a debian Lenny).
my /var/log/exim4 is writable.
> 
> Cheers
> 
> David
Lukas
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> 
> iEYEARECAAYFAkugsBwACgkQ18/WetbTC/rhSgCfVTrvYNj31kZCkVqhbXiY/Ux/
> HpAAn360L7LwZBacsDJVssqBIeifjtyU
> =t+jK
> -----END PGP SIGNATURE-----
> 
> 
> _______________________________________________
> Pkg-exim4-users mailing list
> Pkg-exim4-users at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
>

Hi,

Marc Haber wrote:
> On Tue, Mar 16, 2010 at 08:43:11PM +0100, Lukas Baxa wrote:
>> I installed the exim4 package under debian lenny, but the daemon
doesn''t
>> start. In /var/log/mail.err, I can find following:
>>
>> Mar  15 21:30:07 ... exim[11948]: 2010-03-15 21:30:07 exim 4.69 daemon
>> started: pid=11948, -q30m, listening for SMTP on [127.0.0.1]:25
>> Mar  15 21:30:07 ... exim[11948]: 2010-03-15 21:30:07 Cannot open main
>> log file "/var/log/exim4/mainlog": Permission denied:
euid=102 egid=107
>> Mar  15 21:30:07 ... exim[11948]: exim: could not open panic log -  
>> aborting: see message(s) above
>>
>> So I checked the access to /var/log/exim4/mainlog and I found that
>> /var/log is not accessible for the Debian-exim user (in fact to anyone
>> who isn''t root or isn''t a member of the root group).
>>
>>> ls -ld /var/log
>> drwxr-x--- 7 root root 3072 Mar 16 20:25 /var/log/
>>
>> This problem can be solved by setting the permissions to 755 to  
>> /var/log, but I suppose the access is prohibited because of security
>> reasons. So I changed the ownership of var log to root:adm
>>
>>> chown root:adm /var/log
>> and added the user Debian-exim to the adm group:
>>
>>> usermod -G adm Debian-exim
> 
> Bad Idea.
Why do you think that changing the group of /var/log to adm is a bad 
idea? I do not see any problem or drawback. Many of the log files
under /var/log have the adm group, especially those which are not
world readable. And all other log files I can find under /var/log
have the owner root. Do you think some services may not be able
to access /var/log and I also cannot see them?
> 
> I don''t know what went wrong on your system, this is how the
> permissions are supposed to look like:
> 
> drwxr-xr-x 47 root        root  32K 17. M?r 07:39 /var/log/
> drwxr-s---  2 Debian-exim adm  4,0K 13. M?r 13:20 /var/log/exim4/
> -rw-r-----  1 Debian-exim adm  3,9M 17. M?r 14:37 /var/log/exim4/mainlog
> -rw-r-----  1 Debian-exim adm     0 17. M?r 08:34 /var/log/exim4/paniclog
> 
> exim works fine that way.
Thanks. You''re right, exim works fine that way.
> 
>> Shouldn''t the default configuration of exim4 be such so that
this server
>> starts under lenny after it is configured by running dpkg-reconfigure  
>> exim4-config
> 
> It is, and exim works fine. In all cases I know. There have been rare
> reports of botched up permissions after installation, but I am much
> less than convinced that this is caused by the exim package.
I do not know why my /var/log wasn''t world readable. This seems to me 
like some quite strange issue.
> Greetings
> Marc
> 
Lukas