Email Monitoring my mdadm RAID with msmtp

I just set up a RAID 1 array using mdadm on Debian. I am trying to enable mdadm email monitoring using msmtp. I am following the msmtp documentation (https://marlam.de/msmtp/msmtp.html#Examples) and want to store my Gmail app password using either secret-tool or gpg.

Both tools work fine on their own:

  • I can retrieve my app password using:

        secret-tool lookup host smtp.gmail.com service smtp user [username]

    or

        gpg --no-tty --quiet --decrypt ~/.msmtp-gmail.gpg

  • I can also successfully send emails using:

        echo "test email" | msmtp [emailaddress]@gmail.com

However, when I run sudo mdadm --monitor --scan --test -1, I get the following output:

  • Using secret-tool

        sendmail: cannot read output of 'secret-tool lookup host smtp.gmail.com service smtp user [username]'

  • Using gpg

        gpg: can't open '/root/.msmtp-gmail.gpg': No such file or directory
        gpg: decrypt_message failed: No such file or directory
        sendmail: cannot read output of 'gpg --no-tty --quiet --decrypt ~/.msmtp-gmail.gpg'

  • Using password stored in cleartext

    sudo mdadm --monitor --scan --test -1 does work when I store the password directly in the /etc/msmtprc file. However, I want to avoid this.

Question

secret-tool, gpg, and msmtp all seem to be working correctly when run by the user. The issue seems to occur because mdadm is run with sudo.

How can I get around this issue? I would like to adhere to best practices for file permissions/security.