greenbone / gvmd

Greenbone Vulnerability Manager - The database backend for the Greenbone Community Edition
GNU Affero General Public License v3.0

Permission problem with setup-mta.sh #2265

Closed Orest-Worhacz closed 3 months ago

Orest-Worhacz commented 3 months ago

Latest Greenbone Community Containers from today. I've tried to set up mail notifications. And as I dug deeper I found a problem in the gvmd container.

Related merge request: https://github.com/greenbone/gvmd/pull/2046

Expected behavior

After setting up the MTA_HOST env var, the setup-mta.sh script should run.

Actual behavior

The script never runs because it's missing execute permissions in the container:

# docker exec -it -u root root-gvmd-1 /bin/bash
root@0c7894fb7b0a:/# ls -la /usr/local/bin
total 56
drwxr-xr-x 1 root root  4096 Jun 24 14:05 .
drwxr-xr-x 1 root root  4096 Jun 24 14:05 ..
-rwxr-xr-x 1 root root   772 Jun 24 14:04 entrypoint
-rwxr-xr-x 1 root root 25796 Jun 24 14:04 gvm-manage-certs
-rw-r--r-- 1 root root   825 Jun 24 14:04 setup-mta
-rwxr-xr-x 1 root root  1752 Jun 24 14:04 start-gvmd

Steps to reproduce

Start fresh container using docker-compose.yml provided in the docs. Add ENV vars from here: https://greenbone.github.io/docs/latest/22.4/container/workflows.html#setting-up-a-mail-transport-agent-inside-docker-container

root@0c7894fb7b0a:/usr/local/bin# ./setup-mta 
bash: ./setup-mta: Permission denied
root@0c7894fb7b0a:/usr/local/bin# chmod +x setup-mta 
root@0c7894fb7b0a:/usr/local/bin# ./setup-mta 
setting up configuration file for mail agent

Try to set up and test mail notification.

GVM versions

gsa: (gsad --version)

# gsad --version
Greenbone Security Assistant 22.10.0

gvm: (gvmd --version)

# gvmd --version
Greenbone Vulnerability Manager 23.7.0
Manager DB revision 256

openvas-scanner: (openvas --version)

# openvas --version
bash: /usr/local/sbin/openvas: Operation not permitted

gvm-libs:

---

Environment

Not relevant

Operating system: Debian Bookworm (Stable)
Installation method / source: (packages, source installation) Docker-compose.yml from docs

Logfiles

event alert:MESSAGE:2024-07-19 09h00.59 utc:290: The alert Send email was triggered (Event: Task status changed to 'Done', Condition: Always)
md manage:WARNING:2024-07-19 09h01.00 utc:290: email: system failed with ret 16640, 65, read FROM TO < /tmp/gvmd-args-p1Agi8; /usr/sbin/sendmail -f "$FROM" "$TO" < /tmp/gvmd-content-8V1599 > /dev/null 2>&1

I tried to do a simple chmod +x on the script and execute it as shown in Steps to reproduce. So it's a simple fix, but it has to be done manually after each container restart.

P.S. My email notifications still won't work. But I guess it's some separate problem.

Orest-Worhacz commented 3 months ago

Mentioning OP of MR @castorsky

castorsky commented 3 months ago

Hello @Orest-Worhacz, the script is run not by executing ./setup-mta but by "sourcing" it (see the .docker/entrypoint.sh file):

. setup-mta

Sourcing does not need the file to have execute permissions.

Orest-Worhacz commented 3 months ago

I see, right. My bad then. I think this might be closed. And maybe I will figure out how to use your code to send e-mails.
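
The difference between executing and sourcing that resolved this issue, as an added example that is not part of the thread or of gvmd. The file names, the entrypoint contents and the DEMO_MTA_CONFIGURED variable are constructed for illustration; the last function shows how a permission audit can find files that run without an execute bit.

```shell
#!/bin/sh
# Added example, not gvmd code: paths, file contents and DEMO_MTA_CONFIGURED are constructed.

# Build a temp dir holding a mode-0644 script and a small entrypoint that sources it.
make_demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'DEMO_MTA_CONFIGURED=yes' > "$dir/setup-mta-demo"
    chmod 0644 "$dir/setup-mta-demo"
    cat > "$dir/entrypoint-demo" <<'EOF'
#!/bin/sh
if [ -n "$MTA_HOST" ]; then
    . setup-mta-demo
fi
exec "$@"
EOF
    printf '%s\n' "$dir"
}

# Direct execution needs an execute bit; print the exit status (126 = not executable).
exec_status() {
    rc=0
    ( "$1" ) >/dev/null 2>&1 || rc=$?
    printf '%s\n' "$rc"
}

# Sourcing only needs read permission and runs in the calling shell;
# print the variable the sourced file set.
source_result() {
    DEMO_MTA_CONFIGURED=no
    . "$1"
    printf '%s\n' "$DEMO_MTA_CONFIGURED"
}

# List files a shell script pulls in with "." or "source", so a permission
# audit knows which non-executable files still run.
sourced_files() {
    sed -En 's/^[[:space:]]*(\.|source)[[:space:]]+([^[:space:];]+).*/\2/p' "$1"
}

demo_dir=$(make_demo)
echo "exec status: $(exec_status "$demo_dir/setup-mta-demo")"
echo "after sourcing: $(source_result "$demo_dir/setup-mta-demo")"
echo "sourced by entrypoint: $(sourced_files "$demo_dir/entrypoint-demo")"
rm -rf "$demo_dir"
```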