Re: [Fetchmail-users] The saga of wrestling with systemd (was) Re: logrotate options?

[joea- l. <joe...@j4...>]

> Am 23.01.22 um 19:35 schrieb Joe Acquisto-j4:
>>> On Thu, Jan 20, 2022 at 11:34:26AM +0200, Peter Pentchev wrote:
>>> [snip]
>>>> directory if necessary). Something like this works for me (note that
>>>> I do not have a logfile directive in my fetchmail config file, so
>>>> it will send its output to the standard output stream by default):
>>>>
>>>>    [roam@straylight ~]$ cat ~/.config/systemd/user/fetchmail.service
>>>>    [Unit]
>>>>    Description=Run fetchmail in daemon mode.
>>>>    Documentation=man:fetchmail(1)
>>>>    After=network-online.target
>>>>    Wants=network-online.target
>>>>
>>>>    [Service]
>>>>    Type=simple
>>>>    ExecStartPre=-fetchmail -ve200
>>>>    ExecStart=fetchmail -ve25 -Nd120
>>>>    ExecStop=fetchmail --quit
>>>>    KillMode=process
>>> ...and of course, I forgot two lines that are kind of important:
>>>
>>> [Install]
>>> WantedBy=default.target
>>>
>>> G'luck,
>>> Peter
>>>
>>> --
>> Thanks to all.
>>
>> This is how I achieved success (getting Fetchmail to start and stop in 
> systemd world that is):
>>
>> -------------------------------------
>> [Unit]
>> Description=remote-mail retrieval utility runin daaemon mode
>> After=network.target
>> Wants=network.target
>>
>> [Service]
>> Type=simple
>> EnvironmentFile=/root/.fetchmailrc
>> #User=fetchmail
> 
> 
> Guys, seriously, do not run fetchmail as root user. This is generally
> bad practice, violating the principle of least privilege. Create that
> fetchmail user, move the .fetchmailrc and possibly .fetchids files,
> change their owner, and then run as fetchmail user.
> 
> I will take this feature away in a future version and without
> replacement to protect you while you pretend to be innocent. The
> warnings have been there for long enough.
> 

Your advice is certainly appreciated and I will once more attempt to 
do as suggested.

>From my own history, I recall attempting to do that in the dim time and
encountered some permissions related issues that did not yield to a 
cursory effort to resolve.  The path of least resistance called to me and
I went on to other matters.

I did not understand all of your last paragraph, but, it is probably
a good idea to remove the option to run as root.  Perhaps with option to
choose a different user name, though that may be too much.

joe a.