
run as user=nobody group=nogroup (OpenBSD) #162

Closed
patch-work opened this issue Oct 20, 2024 · 8 comments

Comments

@patch-work

patch-work commented Oct 20, 2024

> doas ls -l /var/run/authentication_milter.pid
ls: /var/run/authentication_milter.pid: No such file or directory

> doas rcctl start mail_milter_authentication
mail_milter_authentication(ok)

> doas ls -l /var/run/authentication_milter.pid
-rw-rw-rw-  1 _milter-auth  _milter-auth  6 Oct 20 20:26 /var/run/authentication_milter.pid

> doas rcctl check mail_milter_authentication
mail_milter_authentication(failed)

> doas rcctl stop mail_milter_authentication

> doas ls -l /var/run/authentication_milter.pid
-rw-rw-rw-  1 _milter-auth  _milter-auth  6 Oct 20 20:26 /var/run/authentication_milter.pid

Sun Oct 20 21:19:52 2024 authentication_milter[97499] run as user=_milter-auth group=_milter-auth
Sun Oct 20 21:19:52 2024 authentication_milter[97499] Chroot to /
Sun Oct 20 21:19:52 2024 authentication_milter[97499] listening on unix socket=/var/[omissis]/fam.socket backlog=20
Sun Oct 20 21:19:52 2024 authentication_milter[97499] setting umask to 0111
Sun Oct 20 21:19:52 2024 authentication_milter[97499] ==========
Sun Oct 20 21:19:52 2024 authentication_milter[97499] Starting server
Sun Oct 20 21:19:52 2024 authentication_milter[97499] Running with perl v5.38.2
Sun Oct 20 21:19:52 2024 authentication_milter[97499] ==========

The username and group are stated in the /etc file, and the pid file has ugo+w permissions anyway, so the problem is elsewhere.

The server shuts down without leaving an error log.

The server must chroot on "/" or it will fail; this is a security risk.

The previous version of the milter worked without interruptions since May.
This is an update, leaving the old configuration in place.

@patch-work
Author

patch-work commented Oct 20, 2024

Running the milter in foreground shows the problem.

Sun Oct 20 20:54:43 2024 authentication_milter[5405] Warning: Pid_file "/var/run/authentication_milter.pid" already exists.  Overwriting!
Sun Oct 20 20:54:43 2024 authentication_milter[5405] Warning: Use of uninitialized value $cwd_untainted in chdir at /usr/libdata/perl5/File/Find.pm line 292.
Sun Oct 20 20:54:43 2024 authentication_milter[5405] Warning: Use of uninitialized value $cwd in concatenation (.) or string at /usr/libdata/perl5/File/Find.pm line 293.
Sun Oct 20 20:54:43 2024 authentication_milter[5405] Server failed: Can't cd to : No such file or directory
Sun Oct 20 20:54:53 2024 authentication_milter[5405] Attempting automatic restart
[...]
Sun Oct 20 20:55:43 2024 authentication_milter[5405] Warning: Pid_file created by this same process. Doing nothing.
Sun Oct 20 20:55:43 2024 authentication_milter[5405] Child process 5405 shutting down due to fatal error: Can't connect to UNIX socket at file /var/[omissis]/fam.socket [Permission denied]
Sun Oct 20 20:55:43 2024 authentication_milter[5405] Server failed: Can't connect to UNIX socket at file /var/[omissis]/fam.socket [Permission denied]
Sun Oct 20 20:55:53 2024 authentication_milter[5405] Abandoning automatic restart: too many restarts in a short time
Sun Oct 20 20:55:53 2024 authentication_milter[5405] Server exiting abnormally

> doas ls -halF /var/[omissis]/fam.socket
srw-rw-rw-  1 _milter-auth  _milter-auth     0B Oct 20 21:14 /var/[omissis]/fam.socket=
> grep _milter-auth /etc/authentication_milter.json
"runas"                  : "_milter-auth",
"rungroup"               : "_milter-auth",

By comparison, the log was silent when running as daemon.

patch-work changed the title from "Trailing pid" to "Trailing pid (OpenBSD)" on Oct 20, 2024

@patch-work
Author

patch-work commented Oct 20, 2024

This is the server hello in May.

Fri May 17 10:20:22 2024 authentication_milter[78164] daemonize servers=5/25 spares=2/5 requests=200
Fri May 17 10:20:22 2024 authentication_milter[78164] run as user=_milter-auth group=_milter-auth
Fri May 17 10:20:22 2024 authentication_milter[78164] Chroot to
Fri May 17 10:20:22 2024 authentication_milter[78164] listening on unix socket=/var/[omissis]/fam.socket backlog=20
Fri May 17 10:20:22 2024 authentication_milter[78164] setting umask to 0111
Fri May 17 10:20:22 2024 authentication_milter[78164] ==========
Fri May 17 10:20:22 2024 authentication_milter[78164] Starting server
Fri May 17 10:20:22 2024 authentication_milter[78164] Running with perl v5.36.3
Fri May 17 10:20:22 2024 authentication_milter[78164] ==========
Fri May 17 10:24:25 2024 authentication_milter[24761] Child process 24761 starting up
Fri May 17 10:24:25 2024 authentication_milter[61436] Child process 61436 starting up
Fri May 17 10:24:25 2024 authentication_milter[46613] Child process 46613 starting up
Fri May 17 10:24:25 2024 authentication_milter[29801] Child process 29801 starting up
Fri May 17 10:24:25 2024 authentication_milter[69977] Child process 69977 starting up
Fri May 17 10:27:37 2024 authentication_milter[24761] Warning: deprecated method; prefer $rr->rdstring() at /usr/local/libdata/perl5/site_perl/Mail/Milter/Authentication/Handler/IPRev.pm line 58.
Fri May 17 10:27:37 2024 authentication_milter[24761] --: SPFCode: pass
Fri May 17 10:27:37 2024 authentication_milter[24761] --: EncryptedAs: TLSv1.3, TLS_AES_256_GCM_SHA384, 256 bits
Fri May 17 10:27:38 2024 authentication_milter[24761] 4AAE57EE53: DKIMResult: No DKIM headers
Fri May 17 10:27:38 2024 authentication_milter[24761] 4AAE57EE53: SenderIdCode: none
Fri May 17 10:27:38 2024 authentication_milter[24761] 4AAE57EE53: XGoogleDKIMResult: No X-Google-DKIM headers
Fri May 17 10:27:39 2024 authentication_milter[24761] 4AAE57EE53: DMARCCode: pass
Fri May 17 10:27:39 2024 authentication_milter[24761] 4AAE57EE53: DMARCReportTo (skipped): mailto:postmaster@imoter.it
Fri May 17 10:27:39 2024 authentication_milter[24761] 4AAE57EE53: PreHeader: Received-SPF: pass
[...]

By comparison, the new version of the milter, using the same configuration, is trying to change directory, and it fails.

Sun Oct 20 20:54:43 2024 authentication_milter[5405] Warning: Use of uninitialized value $cwd_untainted in chdir at /usr/libdata/perl5/File/Find.pm line 292.
Sun Oct 20 20:54:43 2024 authentication_milter[5405] Warning: Use of uninitialized value $cwd in concatenation (.) or string at /usr/libdata/perl5/File/Find.pm line 293.
Sun Oct 20 20:54:43 2024 authentication_milter[5405] Server failed: Can't cd to : No such file or directory
Sun Oct 20 20:54:53 2024 authentication_milter[5405] Attempting automatic restart

@patch-work
Author

This is what happens when changing ownership.

Sun Oct 20 22:11:11 2024 authentication_milter[45979] run as user=root group=wheel
Sun Oct 20 22:11:11 2024 authentication_milter[45979] Chroot to /
Sun Oct 20 22:11:11 2024 authentication_milter[45979] listening on unix socket=/var/[omissis]/fam.socket backlog=20
Sun Oct 20 22:11:11 2024 authentication_milter[45979] setting umask to 0111
Sun Oct 20 22:11:11 2024 authentication_milter[45979] ==========
Sun Oct 20 22:11:11 2024 authentication_milter[45979] Starting server
Sun Oct 20 22:11:11 2024 authentication_milter[45979] Running with perl v5.38.2
Sun Oct 20 22:11:11 2024 authentication_milter[45979] ==========
Sun Oct 20 22:11:11 2024 authentication_milter[45979] Warning: Pid_file "/var/run/authentication_milter.pid" already exists.  Overwriting!
Sun Oct 20 22:11:15 2024 authentication_milter[45979] DMARC Preloaded PSL
Sun Oct 20 22:11:15 2024 authentication_milter[70961] Child process 70961 starting up
Sun Oct 20 22:11:15 2024 authentication_milter[92170] Child process 92170 starting up
Sun Oct 20 22:11:15 2024 authentication_milter[41129] Child process 41129 starting up
Sun Oct 20 22:11:15 2024 authentication_milter[59893] Child process 59893 starting up
Sun Oct 20 22:11:15 2024 authentication_milter[92765] Child process 92765 starting up
Sun Oct 20 22:12:15 2024 authentication_milter[7186] Dequeue process 7186 starting up
Sun Oct 20 22:12:16 2024 authentication_milter[7186] DEQUEUE.EB90DDECD79: Dequeue process 7186 shutting down

However, I cannot run this as root:wheel with chroot on /.

@patch-work
Author

Are you able to run the server with user:group other than root?

@marcbradshaw
Member

I would not recommend running as root; I would instead use the options in the config file to drop privileges and run as an unprivileged user.

For example:

"runas"                  : "nobody",
"rungroup"               : "nogroup",

The chroot functionality is quite complicated, and the chroot build isn't simple unfortunately. Removing chroot from the config should be enough to disable this.

@patch-work
Author

I removed the chroot line from the configuration, and set runas:rungroup as nobody:nogroup. This is what I see:

Tue Oct 22 10:08:13 2024 authentication_milter[9804] run as user=nobody group=nogroup
Tue Oct 22 10:08:13 2024 authentication_milter[9804] listening on unix socket=/var/[omissis]/fam.socket backlog=20
Tue Oct 22 10:08:13 2024 authentication_milter[9804] setting umask to 0111
Tue Oct 22 10:08:13 2024 authentication_milter[9804] ==========
Tue Oct 22 10:08:13 2024 authentication_milter[9804] Starting server
Tue Oct 22 10:08:13 2024 authentication_milter[9804] Running with perl v5.38.2
Tue Oct 22 10:08:13 2024 authentication_milter[9804] ==========
Tue Oct 22 10:08:14 2024 authentication_milter[9804] Warning: Pid_file "/var/run/authentication_milter.pid" already exists.  Overwriting!
Tue Oct 22 10:08:14 2024 authentication_milter[9804] Warning: Use of uninitialized value $cwd_untainted in chdir at /usr/libdata/perl5/File/Find.pm line 292.
Tue Oct 22 10:08:14 2024 authentication_milter[9804] Warning: Use of uninitialized value $cwd in concatenation (.) or string at /usr/libdata/perl5/File/Find.pm line 293.
Tue Oct 22 10:08:14 2024 authentication_milter[9804] Server failed: Can't cd to : No such file or directory
Tue Oct 22 10:08:24 2024 authentication_milter[9804] Attempting automatic restart
Tue Oct 22 10:08:34 2024 authentication_milter[9804] Warning: Pid_file created by this same process. Doing nothing.
Tue Oct 22 10:08:34 2024 authentication_milter[9804] Warning: Pid_file created by this same process. Doing nothing.
Tue Oct 22 10:08:34 2024 authentication_milter[9804] Child process 9804 shutting down due to fatal error: Can't connect to UNIX socket at file /var/services/465/spool/private/fam.socket [Permission denied]
Tue Oct 22 10:08:34 2024 authentication_milter[9804] Server failed: Can't connect to UNIX socket at file /var/services/465/spool/private/fam.socket [Permission denied]
Tue Oct 22 10:08:44 2024 authentication_milter[9804] Attempting automatic restart
Tue Oct 22 10:08:54 2024 authentication_milter[9804] Warning: Pid_file created by this same process. Doing nothing.
Tue Oct 22 10:08:54 2024 authentication_milter[9804] Warning: Pid_file created by this same process. Doing nothing.
Tue Oct 22 10:08:54 2024 authentication_milter[9804] Child process 9804 shutting down due to fatal error: Can't connect to UNIX socket at file /var/services/465/spool/private/fam.socket [Permission denied]
Tue Oct 22 10:08:54 2024 authentication_milter[9804] Server failed: Can't connect to UNIX socket at file /var/services/465/spool/private/fam.socket [Permission denied]
Tue Oct 22 10:09:04 2024 authentication_milter[9804] Attempting automatic restart

@patch-work
Author

patch-work commented Oct 22, 2024

It is happy with nogroup, but demands root as user:

Tue Oct 22 10:11:29 2024 authentication_milter[74567] run as user=root group=nogroup
Tue Oct 22 10:11:29 2024 authentication_milter[74567] listening on unix socket=/var/[omissis]/fam.socket backlog=20
Tue Oct 22 10:11:29 2024 authentication_milter[74567] setting umask to 0111
Tue Oct 22 10:11:29 2024 authentication_milter[74567] ==========
Tue Oct 22 10:11:29 2024 authentication_milter[74567] Starting server
Tue Oct 22 10:11:29 2024 authentication_milter[74567] Running with perl v5.38.2
Tue Oct 22 10:11:29 2024 authentication_milter[74567] ==========
Tue Oct 22 10:11:29 2024 authentication_milter[74567] Warning: Pid_file "/var/run/authentication_milter.pid" already exists.  Overwriting!
Tue Oct 22 10:11:33 2024 authentication_milter[74567] DMARC Preloaded PSL
Tue Oct 22 10:11:34 2024 authentication_milter[95627] Child process 95627 starting up
Tue Oct 22 10:11:34 2024 authentication_milter[56878] Child process 56878 starting up
Tue Oct 22 10:11:34 2024 authentication_milter[97830] Child process 97830 starting up
Tue Oct 22 10:11:34 2024 authentication_milter[73132] Child process 73132 starting up
Tue Oct 22 10:11:34 2024 authentication_milter[63121] Child process 63121 starting up

@patch-work
Author

This warning needs to be more explicit:

Tue Oct 22 10:08:14 2024 authentication_milter[9804] Warning: Use of uninitialized value $cwd_untainted in chdir at /usr/libdata/perl5/File/Find.pm line 292.
Tue Oct 22 10:08:14 2024 authentication_milter[9804] Warning: Use of uninitialized value $cwd in concatenation (.) or string at /usr/libdata/perl5/File/Find.pm line 293.
Tue Oct 22 10:08:14 2024 authentication_milter[9804] Server failed: Can't cd to : No such file or directory
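
An added illustration (not authentication_milter's own code; the milter's privilege-drop path is not shown in this thread) of the failure mode behind these warnings: a Perl daemon that switches to an unprivileged user while its working directory is one that user cannot search gets undef back from getcwd(), and File::Find then dies with the bare "Can't cd to :" message. The helper below assumes the runas/rungroup names from the config above, moves to / before dropping privileges, and reports the cause explicitly.

```perl
#!/usr/bin/perl
# Added example, not authentication_milter code: drop privileges so that
# File::Find never sees an undefined getcwd().
use strict;
use warnings;
use Cwd qw(getcwd);
use POSIX qw(setgid setuid);
use File::Find qw(find);

# Started via "doas" from a directory such as /root, the cwd would otherwise
# be one that "nobody" cannot stat; getcwd() then returns undef and File::Find
# dies with the opaque "Can't cd to : No such file or directory" from the logs.
sub drop_privileges {
    my ( $user, $group ) = @_;    # runas / rungroup values from the config
    my $uid = getpwnam($user)  // die "unknown runas user: $user\n";
    my $gid = getgrnam($group) // die "unknown rungroup: $group\n";

    chdir '/' or die "chdir /: $!\n";   # somewhere any user can search
    # Drop the group first: after setuid() we can no longer change gid.
    setgid($gid) or die "setgid($group): $!\n";
    setuid($uid) or die "setuid($user): $!\n";

    # Checks a daemon wants before opening sockets or walking directories.
    die "privilege drop failed: still running with euid 0\n" if $> == 0;
    my $cwd = getcwd();
    die "cwd unreadable after dropping to $user:$group; chdir first\n"
        unless defined $cwd;
    return $cwd;
}

# Explicit pre-flight check for the directory walk File::Find performs,
# naming the reason File::Find itself hides behind "Can't cd to :".
sub check_walkable {
    my ($dir) = @_;
    die "cannot search $dir as uid $>: $!\n" unless -d $dir && -x _;
    my @seen;
    find( sub { push @seen, $File::Find::name }, $dir );
    return scalar @seen;
}

if ( $> == 0 ) {
    my $cwd = drop_privileges( 'nobody', 'nogroup' );
    print "running as uid $>, cwd=$cwd\n";
}
printf "%d entries under /etc/ssl\n", check_walkable('/etc/ssl');
```

Run it as root from a directory only root can enter (for example /root) to reproduce the undef getcwd() case, and from / to see the normal path.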

patch-work changed the title from "Trailing pid (OpenBSD)" to "run as user=nobody group=nogroup (OpenBSD)" on Oct 28, 2024