Anyone using sa-update from cron for SpamAssassin?
Posted by: MrGibbage
Posted on: 2009-07-20 17:23:00
/usr/local/bin/setlock -n /tmp/cronlock.4051759.53932 sh -c $'/home/skipmorrow/bin/sa-update --gpgkey 6C6191E3 --channel sought.rules.yerp.org'
gpg: WARNING: unsafe ownership on homedir `/home/skipmorrow/etc/mail/spamassassin/sa-update-keys'
gpg: failed to create temporary file `/home/skipmorrow/etc/mail/spamassassin/sa-update-keys/.#lk0x5d7320.ps11651.23686': Permission denied
gpg: keyblock resource`/home/skipmorrow/etc/mail/spamassassin/sa-update-keys/secring.gpg': general error
gpg: failed to create temporary file `/home/skipmorrow/etc/mail/spamassassin/sa-update-keys/.#lk0x5d7320.ps11651.23686': Permission denied
gpg: keyblock resource `/home/skipmorrow/etc/mail/spamassassin/sa-update-keys/pubring.gpg': general error
gpg: no writable keyring found: eof
gpg: error reading `/home/skipmorrow/share/spamassassin/sa-update-pubkey.txt': general error
gpg: import from `/home/skipmorrow/share/spamassassin/sa-update-pubkey.txt' failed: general error
But when I run it from a login shell, it doesn't show those errors. So I wrote a script to verify that the cron job is running as the correct user by putting in whoami, and indeed it is running as skipmorrow
skipmorrow@ps11651:~$ ls etc/mail/spamassassin/sa-update-keys/ -la
total 28
drwx------ 2 skipmorrow pg2222652 4096 Jul 20 00:00 .
drwxr-xr-x 3 skipmorrow pg2222652 4096 Jul 17 13:29 ..
-rw------- 1 skipmorrow pg2222652 5123 Jul 17 14:29 pubring.gpg
-rw------- 1 skipmorrow pg2222652 4505 Jul 17 13:32 pubring.gpg~
-rw------- 1 skipmorrow pg2222652 0 Jul 17 13:29 secring.gpg
-rw------- 1 skipmorrow pg2222652 1200 Jul 17 13:29 trustdb.gpg
skipmorrow@ps11651:~$ id
uid=15203(skipmorrow) gid=588771(pg2222652) groups=588771(pg2222652)
skipmorrow@ps11651:~$ whoami
skipmorrow
skipmorrow@ps11651:~$ crontab -l
###--- BEGIN DREAMHOST BLOCK
###--- Changes made to this part of the file WILL be destroyed!
# sa-update JM_SOUGHT
MAILTO="skip@pelorus.org"
@hourly /usr/local/bin/setlock -n /tmp/cronlock.4061564.53932 sh -c $'/home/skipmorrow/update_sa_rules.sh'
###--- You can make changes below the next line and they will be preserved!
###--- END DREAMHOST BLOCK
skipmorrow@ps11651:~$ cat update_sa_rules.sh
#!/bin/bash
echo `date`>>/home/skipmorrow/sa_update.log
echo "Who Am I: `whoami`">>/home/skipmorrow/sa_update.log
echo "id: `id`">>/home/skipmorrow/sa_update.log
echo "">>/home/skipmorrow/sa_update.log
/home/skipmorrow/bin/sa-update -D --gpgkey 6C6191E3 --channel sought.rules.yerp.org --gpghomedir /home/skipmorrow/etc/mail/spamassassin/sa-update-keys
skipmorrow@ps11651:~$ tail sa_update.log
Mon Jul 20 07:00:04 PDT 2009
Who Am I: skipmorrow
id: uid=15203(skipmorrow) gid=588771(pg2222652) groups=588771(pg2222652)
I just recently added the --gpghomedir option, but that didn't make a difference at all to the error messages, and I wouldn't have expected it to make a difference, since sa-update is finding that directory on its own anyway.