skip to Main Content

Running Ubuntu. After updating the /etc/aliases file, the newaliases command must be run to build an alias database /etc/aliases.db. I can successfully run sudo newaliases but when I created a shell script (named myscript.sh) that uses the newaliases command, I am getting postalias: fatal: open /etc/aliases.db: Permission denied error. I use sudo myscript.sh to start the script (whoami executed by the script prints out ‘root’) and the script successfully executes multiple commands that require root privileges (e.g. writes to /etc/aliases) prior to hitting the error with newaliases.

I attempted the following:

  1. verified the access of /etc/aliases and /etc/aliases.db commands – both are 755 root:root
  2. changed the attributes of myscript.sh to 755 root:root
  3. changed the attributes of myscript.sh to 4755 root:root
  4. instead of running newaliases, I tried postalias /etc/aliases as well as sendmail -bi as they seem to provide similar functionality
  5. updated the sudoers configuration to allow no-password execution of newaliases:
myuser ALL=(ALL) NOPASSWD: /etc/myscript.sh
myuser ALL=(ALL) NOPASSWD: /usr/bin/newaliases
  1. allowed my user to execute any commands with sudo:
myuser ALL=(ALL:ALL) NOPASSWD:ALL
  1. used sudo newaliases in the script
  2. used sudo bash -c "newaliases" in the script

All the above attempts failed – always getting the same error.

Main question: how can I execute newaliases from a shell script? Any idea what is special about newaliases given the fact that the script performs other actions requiring root access without issues?

What I discovered during step 4 is that newaliases is just a symlink to sendmail:

ubuntu@mail:~$ ls -l /usr/bin/newaliases
lrwxrwxrwx 1 root root 16 Jan 29  2024 /usr/bin/newaliases -> ../sbin/sendmail

but when I simply run sendmail it does NOT perform the update of the alias database just like newaliases does (instead it needs the sendmail -bi command to do the same). This is the secondary question – if you can explain this mystery it may help.

Thanks!
JJ

2

Answers


  1. Chosen as BEST ANSWER

    Alan's suggestion was great to simplify the script to just:

    #!/bin/bash
    /usr/bin/newaliases
    

    this simple script worked and it helped to find me an error in the earlier code of the original script which unintentionally modified the owner of the /etc/aliases file to not be root. This causes the newaliases command to fail.


  2. Minimize your-script while debugging to:

    #!/bin/bash
    /usr/bin/newliases
    

    Then fix the permission on your /etc/aliases should be 644 (not 755):

    # chmod 644 /etc/aliases
    # rm /etc/aliases.db
    $ sudo your-script
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search