macOS X, Operation not permitted - rename sendmail

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

macOS X, Operation not permitted - rename sendmail

James Brown
I’ve just tired to install Postfix 3.3.1 on macOS X 10.13.6 High Sierra.

Sudo make install finishes with:

Updating /usr/sbin/sendmail...
mv: rename /Users/jlbrown/Downloads/postfix-3.3.1/junk to /usr/sbin/sendmail: Operation not permitted
make: *** [install] Error 1

My make command was:

make -f Makefile.init makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH \
-DDEF_SERVER_SASL_TYPE=\"dovecot\" \
-DDEF_COMMAND_DIR=\"/usr/local/sbin\" \
-DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" \
-DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" \
-DHAS_PCRE -I/usr/local/opt//include \
-DHAS_SSL -I/usr/local/opt/openssl@1.1 \
-DHAS_MYSQL -I/usr/local/opt/mysql@5.7/include/mysql' AUXLIBS='-L/usr/local/lib -lpcre -lssl -lcrypto -L/usr/local/opt/mysql@5.7/lib \


Is this a SIP thing?

Anyone come across this? How to fix?

(I’ve been using Homebrew to install the other bits, but there is no formula for Postfix)

Thanks,

James.
Reply | Threaded
Open this post in threaded view
|

Re: macOS X, Operation not permitted - rename sendmail

Viktor Dukhovni
On Mon, Oct 01, 2018 at 05:56:57PM +1000, James Brown wrote:

> I’ve just tired to install Postfix 3.3.1 on macOS X 10.13.6 High Sierra.
>
> Sudo make install finishes with:
>
> Updating /usr/sbin/sendmail...

In MacOSX /usr is immutable, except during upgrade reboots.  You
can't install Postfix in /usr.  You need to build it for installation
in /usr/local.  This also means you can't replace /usr/sbin/sendmail,
but that should not be a problem, since the system-provided sendmail
will write compatible queue files, and the Postfix you build in
/usr/local can use the same queue-directory (owned by the "_postfix"
user and group-writable by "_postdrop").

However, you'll also need to disable the MacOS launchd agent for
the built-in Postfix, which watches the queue directory and starts
Postfix on demand and stops it when the queue is drained.  You'll
need a separate job to run your own Postfix.

MacOS/X is no longer a good platform for running your own Postfix
builds, the other major obstacle is that getting usable logs is is
painfully different.  You're running Postfix on a system that is
not designed to be a server.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: macOS X, Operation not permitted - rename sendmail

Larry Stone
> On Oct 1, 2018, at 3:13 AM, Viktor Dukhovni <[hidden email]> wrote:
>
> On Mon, Oct 01, 2018 at 05:56:57PM +1000, James Brown wrote:
>
>> I’ve just tired to install Postfix 3.3.1 on macOS X 10.13.6 High Sierra.
>>
>> Sudo make install finishes with:
>>
>> Updating /usr/sbin/sendmail...
>
> In MacOSX /usr is immutable, except during upgrade reboots.  You
> can't install Postfix in /usr.  You need to build it for installation
> in /usr/local.  This also means you can't replace /usr/sbin/sendmail,

Not quite. If you turn off SIP (System Integrity Protection), you can modify /usr. I’ve been running with SIP off since shortly after Apple added that feature. So far, they haven’t added anything that gets upset with you for doing so. Although when Apple had their hands on my MacBookPro to replace the battery, I found they turned it back on.

> MacOS/X is no longer a good platform for running your own Postfix
> builds, the other major obstacle is that getting usable logs is is
> painfully different.  You're running Postfix on a system that is
> not designed to be a server.

Agree. As I like to say, Apple thinks they know best how you should be using their products - there’s the “Apple Way” and the “wrong way” with nothing in between.

I build Postfix (which I use only for outbound system messages) on an old MacOS 10.9 system and then transfer the build. That keeps logging working the “right” way but is obviously not a long-term viable solution. Not concerned about having the latest and greatest Postfix since it’s not externally accessible.

--
Larry Stone
[hidden email]






Reply | Threaded
Open this post in threaded view
|

Re: macOS X, Operation not permitted - rename sendmail

Bill Cole-3
In reply to this post by James Brown
On 1 Oct 2018, at 3:56, James Brown wrote:

> Is this a SIP thing?

Yes. As Viktor said, Apple-populated paths under /usr are immutable
while SIP is enabled.

> Anyone come across this? How to fix?

Don't fight it. As Viktor said, you can adjust your build to NOT replace
the system 'sendmail' (which is Apple's custom-built Postfix 3.2.2.)
Even if you disable SIP to do that replacement, you will not be informed
when a future minor system update re-installs Apple's binary.

If you don't feel like cobbling up your own build under the Homebrew
model, MacPorts has a mature flexible port for Postfix, along with all
of its dependencies and possible dependencies (e.g. Dovecot, if you're
using it's SASL layer.)

And of course you CAN just try to work with Apple's build and buy their
additions (not sure what those are exactly any more...) at the cost of
their compile-time config choices. Everything you need to configure it
is right there in /etc/postfix/...