2023-03-28T15:15:29-0300 tars crond[89450]: procmail: Couldn't create "/var/spool/mail/marcelo"
2023-03-28T15:15:29-0300 tars crond[89449]: MDA returned nonzero status 73
2023-03-28T15:15:33-0300 tars crond[89454]: procmail: Couldn't create "/var/spool/mail/marcelo"
2023-03-28T15:15:33-0300 tars crond[89453]: MDA returned nonzero status 73
I enabled some backup scripts via crontab -e, and it looks like it started when I did it. Now I commented everything, but it keeps going. Removed my user’s crontab file; restored it; created and empty one…
It seems the problem isn’t with cron firing, but that procmail couldn’t create the mailbox for the user:
/var/spool/mail/marcelo
It’s likely that either the procmail process user can’t write to /var/spool/mail or is blocked from doing so by SELinux. Do you see any AVC denials in journalctl around this time related to procmail?
Cron was firing with no problems, just one command I misstype and decide to check the logs and found those messages.
journalctl | grep AVC found nothing. As is an upgrade from F37 I ran the Post-upgrade option commands, one of them is related to SELinux.
Permissions on this directory only allow write access for root.
The mailbox should have been created automatically along with the user’s home directory.
Since it no longer exists, you can restore it manually like this:
Since procmail wants to create the file, we can assume it does not exist.
And if the file is actually missing, then you need to investigate how it was removed.
I hope you are not confusing /var/spool/cron and /var/spool/mail.
The former is for crontabs and the latter is for mailboxes.
The file is there. Not removed. Was there when I first saw those log messages. I removed after and tried to create a new one with the same permissions, but got the same messages.
doas lsd -thral /var/spool/mail/$USER
.rw-rw---- marcelo mail 0 B Wed Mar 29 12:57:33 2023  /var/spool/mail/marcelo
Mucking about with system installed files is seldom fruitful and often breaks things.
SELinux may be interfering now and that can be fixed with sudo restorecon -R /var/spool. By temporarily disabling selinux with sudo setenforce 0 while testing you may find out if it is caused by selinux.
The permissions should be (by default)
# ls -lZ /var/spool/mail
total 0
-rw-rw----. 1 $USER mail system_u:object_r:mail_spool_t:s0 0 Mar 10 20:09 $USER
This tells you the selinux context is not set for those files. I would expect that procmail is being prevented from writing there.
What is the result of ls -lZd /var/spool/mail
# ls -lZd /var/spool/mail
drwxrwxr-x. 2 root mail system_u:object_r:mail_spool_t:s0 4096 Mar 10 20:09 /var/spool/mail
Previous post was the content of the directory. My last request was for the actual directory listing.
Just to add a bit of explanation to the post by Vladislav above.
When SELinux is disabled it does not do anything. Files created are not given an selinux content, nothing is checked to allow or restrict access, etc. Those files you posted with no context are possibly a very small percentage of the total files in the system that might not have an selinux context assigned.
The commands given will put selinux into enforcing mode and then relabel all the system files with the proper context during the reboot.
Also, when you ran restorecon with selinux disabled it had nothing to do (it was disabled) so could not tell you what it did.
Thanks for everything. I decided to do a fresh install.
Something was wrong. The selinux=1 line inside /etc/default/grub is not present on a fresh F38, it was inherited from previous installation and not corrected during the upgrade(s). As I had also various problems before and after upgrading with constant packages conflicts, restoring my snapshots or a fresh install were better options than digging it further.