[TriLUG] running script as mail alias, script running as specific user

Jon Carnes jonc at nc.rr.com
Mon Jan 14 17:49:05 EST 2002


Thanks for everyone's suggestions.

I'm not having any problems with smrsh.  The script actually runs.  It just
doesn't run as user Lorax...

In the past I must have used a broken kernel or loaded a module that allowed
me to use chmod +s.  And then the program ran as the user.

The program I've got is a simple shell script.  I would hate to convert it
to C, since I want to give it out to a lot of folks who don't have any
programming experience.  I'm actually trying to solve a common problem that
a lot of folks have in Mailman.

I can do it using sudo, but again that makes it a little too complex for the
intended audience.

If I can get the script to execute as a specified user, then I'm done and
the world will be a better place!

Jon
----- Original Message -----
From: "Jeremy P" <jeremyp at pobox.com>
To: "Triangle Linux Users Group" <trilug at trilug.org>
Sent: Monday, January 14, 2002 4:58 PM
Subject: Re: [TriLUG] running script as mail alias, script running as specific user


> On Mon, 14 Jan 2002, Jon Carnes wrote:
>
> > I'm trying to set up an automated process using an email address.  The
> > email alias is something like:
> >   thetrees:  "|/usr/local/sbin/thetrees"
> >
> > The script thetrees in /usr/local/sbin needs to run as a specified user.
> > The user should be "lorax".  How do I let the lorax speak for thetrees?
>
> ISTR you use sendmail.  If so, you'll need to put the script in /etc/smrsh
> (or at least put a symlink there).  Then, in the alias file call it
> something like "|/etc/smrsh/thetrees".  By default, the script will run as
> user "mail".
>
> > I've tried using chmod u+s on the script, and setting the user to lorax,
> > but that is not working.
>
> The kernel disallows suid shell scripts.
>
> You might be able to set up something with "sudo" (to allow uid mail to run
> something as lorax).  But I don't know if there's a way of stopping sudo
> from asking for the user's password.  You could always rewrite your script
> in C, and then suid that C program.  You could also have it check to be
> sure it was started as "mail" so no one else can invoke it.  But this gets
> complicated!
>
> --Jeremy
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
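
The suid C program suggested in the quoted reply can be a thin wrapper that leaves the shell script unchanged: it checks that it was started by "mail", switches fully to the binary's owner, and execs the script with a fixed environment. This is an added example, not code from either poster; the TARGET path is a hypothetical placeholder, and the user names are the ones used in the thread.

```c
/* Added example, not from the thread: setuid wrapper for the alias script. */
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define CALLER "mail"                            /* alias programs run as this user, per the thread */
#define TARGET "/usr/local/libexec/thetrees.sh"  /* hypothetical path of the real script */

/* Fixed environment: the caller's PATH, IFS, LD_* etc. never reach the shell. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "HOME=/", NULL };

/* 1 only if the account lookup succeeded and the real uid matches it. */
int caller_allowed(uid_t real_uid, const struct passwd *pw)
{
    return pw != NULL && pw->pw_uid == real_uid;
}

int main(void)
{
    uid_t owner = geteuid();  /* file owner (lorax) when installed setuid */

    if (!caller_allowed(getuid(), getpwnam(CALLER))) {
        fprintf(stderr, "thetrees: must be started by %s\n", CALLER);
        return 1;
    }
    /* Set the real uid as well: bash resets euid to ruid when they differ.
       Group ids stay those of the caller. */
    if (setreuid(owner, owner) != 0) {
        perror("thetrees: setreuid");
        return 1;
    }
    /* No caller arguments are forwarded; the message arrives on stdin. */
    char *const argv[] = { "thetrees", NULL };
    execve(TARGET, argv, clean_env);
    perror("thetrees: execve");
    return 1;
}
```

The compiled binary has to be owned by lorax with the setuid bit set (`chmod u+s`), and the script at TARGET must not be writable by anyone other than lorax or root.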



