Running Ubuntu. After updating the /etc/aliases
file, the newaliases
command must be run to build an alias database /etc/aliases.db
. I can successfully run sudo newaliases
but when I created a shell script (named myscript.sh
) that uses the newaliases
command, I am getting postalias: fatal: open /etc/aliases.db: Permission denied
error. I use sudo myscript.sh
to start the script (whoami
executed by the script prints out ‘root’) and the script successfully executes multiple commands that require root privileges (e.g. writes to /etc/aliases
) prior to hitting the error with newaliases
.
I attempted the following:
- verified the access of
/etc/aliases
and/etc/aliases.db
commands – both are 755 root:root - changed the attributes of
myscript.sh
to 755 root:root - changed the attributes of
myscript.sh
to 4755 root:root - instead of running
newaliases
, I triedpostalias /etc/aliases
as well assendmail -bi
as they seem to provide similar functionality - updated the sudoers configuration to allow no-password execution of
newaliases
:
myuser ALL=(ALL) NOPASSWD: /etc/myscript.sh
myuser ALL=(ALL) NOPASSWD: /usr/bin/newaliases
- allowed my user to execute any commands with sudo:
myuser ALL=(ALL:ALL) NOPASSWD:ALL
- used
sudo newaliases
in the script - used
sudo bash -c "newaliases"
in the script
All the above attempts failed – always getting the same error.
Main question: how can I execute newaliases
from a shell script? Any idea what is special about newaliases
given the fact that the script performs other actions requiring root access without issues?
What I discovered during step 4 is that newaliases
is just a symlink to sendmail
:
ubuntu@mail:~$ ls -l /usr/bin/newaliases
lrwxrwxrwx 1 root root 16 Jan 29 2024 /usr/bin/newaliases -> ../sbin/sendmail
but when I simply run sendmail
it does NOT perform the update of the alias database just like newaliases
does (instead it needs the sendmail -bi
command to do the same). This is the secondary question – if you can explain this mystery it may help.
Thanks!
JJ
2
Answers
Alan's suggestion was great to simplify the script to just:
this simple script worked and it helped to find me an error in the earlier code of the original script which unintentionally modified the owner of the
/etc/aliases
file to not be root. This causes thenewaliases
command to fail.Minimize your-script while debugging to:
Then fix the permission on your /etc/aliases should be 644 (not 755):