[TriLUG] running script as mail alias, script running as specific user

Brent Verner brent at rcfile.org
Mon Jan 14 18:01:49 EST 2002


[2002-01-14 17:49] Jon Carnes said:
| Thanks for everyone's suggestions.
| 
| I'm not having any problems with smrsh.  The script actually runs.  It just
| doesn't run as user Lorax...
| 
| In the past I must have used a broken kernel or loaded a module that allowed
| me to use chmod +s.  And then the program ran as the user.

phish:/home/brent# ls -al whoami.pl 
-rwsr-sr-x    1 brent    brent          46 Jan 14 18:00 whoami.pl
phish:/home/brent# cat whoami.pl 
#!/usr/bin/suidperl
$ENV{PATH} = ""; #required security measure.
print `whoami`;
exit 0;

| The program I've got is a simple shell script.  I would hate to convert it
| to C, since I want to give it out to a lot of folks who don't have any
| programming experience.  I'm actually trying to solve a common problem that
| a lot of folks have in Mailman.
| 
| I can do it using sudo, but again that makes it a little too complex for the
| intended audience.
| 
| If I can get the script to execute as a specified user, then I'm done and
| the world will be a better place!
| 
| Jon
| ----- Original Message -----
| From: "Jeremy P" <jeremyp at pobox.com>
| To: "Triangle Linux Users Group" <trilug at trilug.org>
| Sent: Monday, January 14, 2002 4:58 PM
| Subject: Re: [TriLUG] running script as mail alias, script running as specific user
| 
| 
| > On Mon, 14 Jan 2002, Jon Carnes wrote:
| >
| > > I'm trying to set up an automated process using an email address.  The email
| > > alias is something like:
| > >   thetrees:  "|/usr/local/sbin/thetrees"
| > >
| > > The script thetrees in /usr/local/sbin needs to run as a specified user.
| > > The user should be "lorax".  How do I let the lorax speak for thetrees?
| >
| > ISTR you use sendmail.  If so, you'll need to put the script in /etc/smrsh
| > (or at least put a symlink there).  Then, in the alias file call it
| > something like "|/etc/smrsh/thetrees".  By default, the script will run as
| > user "mail".
| >
| > > I've tried using chmod u+s on the script, and setting the user to lorax, but
| > > that is not working.
| >
| > The kernel disallows suid shell scripts.
| >
| > You might be able to set up something with "sudo" (to allow uid mail to run
| > something as lorax).  But I don't know if there's a way of stopping sudo
| > from asking for the user's password.  You could always rewrite your script
| > in C, and then suid that C program.  You could also have it check to be
| > sure it was started as "mail" so no one else can invoke it.  But this gets
| > complicated!
| >
| > --Jeremy
| >
| > _______________________________________________
| > TriLUG mailing list
| > http://www.trilug.org/mailman/listinfo/trilug

-- 
"Develop your talent, man, and leave the world something. Records are 
really gifts from people. To think that an artist would love you enough
to share his music with anyone is a beautiful thing."  -- Duane Allman
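
The setuid C program suggested in the quoted reply, including its check that it was started as "mail", written out as an added example (not code from anyone in this thread). It assumes the compiled binary is owned by lorax with the setuid bit set and is what the alias invokes in place of the script; the name "thetrees-wrapper" and the fixed PATH are assumptions.

```c
/* Added example, not from the thread: setuid wrapper for the alias script. */
#define _GNU_SOURCE
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sysexits.h>
#include <unistd.h>

#define SCRIPT "/usr/local/sbin/thetrees"  /* script path from the thread */
#define CALLER "mail"   /* account the thread says the alias program runs as */

/* Fixed environment handed to the script; nothing is inherited from the caller. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };

/* 1 if ruid belongs to the account `name`, 0 otherwise (unknown account included). */
int caller_is(uid_t ruid, const char *name)
{
    struct passwd *pw = getpwnam(name);
    return pw != NULL && pw->pw_uid == ruid;
}

/* Set the real ids to the effective ones. Without this the real uid stays the
 * caller's, and bash, for one, resets its effective uid to match it.
 * Supplementary groups remain the caller's; changing them needs root. */
int become_effective(void)
{
    gid_t g = getegid();
    uid_t u = geteuid();
    if (setregid(g, g) != 0 || setreuid(u, u) != 0)
        return -1;
    return (getuid() == u && getgid() == g) ? 0 : -1;
}

int main(void)
{
    if (!caller_is(getuid(), CALLER)) {   /* real uid = whoever invoked us */
        fprintf(stderr, "thetrees-wrapper: caller is not %s\n", CALLER);
        return EX_NOPERM;
    }
    if (become_effective() != 0) {
        perror("thetrees-wrapper: setreuid/setregid");
        return EX_OSERR;
    }
    /* stdin (the mail message) is passed through untouched. */
    execle("/bin/sh", "sh", SCRIPT, (char *)NULL, clean_env);
    perror("thetrees-wrapper: exec");
    return EX_OSERR;
}
```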


