| 1 |
On 07/14/2016 05:19 PM, Fernando Rodriguez wrote: |
| 2 |
> On 07/13/2016 01:41 PM, wabe wrote: |
| 3 |
>> Fernando Rodriguez <cyklonite@×××××.com> wrote: |
| 4 |
> |
| 5 |
>>> -----BEGIN PGP SIGNED MESSAGE----- |
| 6 |
>>> Hash: SHA256 |
| 7 |
>>> |
| 8 |
>>> On 07/13/2016 07:10 AM, Alan McKinnon wrote: |
| 9 |
>>>> On 12/07/2016 03:47, jens w wrote: |
| 10 |
>>>>> .procmailrc |
| 11 |
>>>>> :0 c |
| 12 |
>>>>> * !^X-Loop: name@×××××××.com |
| 13 |
>>>>> | formail -X "From:" | $HOME/bin/script.sh |
| 14 |
>>>>> |
| 15 |
>>>>> procmail.log |
| 16 |
>>>>> procmail: Executing " formail -X "From:" | $HOME/bin/script.sh |
| 17 |
>>>>> |
| 18 |
>>>>> for incoming mail, a script is executed. logfile has the same |
| 19 |
>>>>> entry as it is in other users. but the script do nothing. |
| 20 |
>>>>> |
| 21 |
>>>>> How executing a command as a nologin user? |
| 22 |
>>>>> |
| 23 |
>>>> |
| 24 |
>>>> |
| 25 |
>>>> You can't, not the way you are doing it. |
| 26 |
>>>> You want to launch a shell script for the user, but the user's |
| 27 |
>>>> shell is /sbin/nologin. This exits immediately without launching |
| 28 |
>>>> the script. |
| 29 |
>>>> |
| 30 |
>>>> Give the user a real shell. |
| 31 |
>>>> |
| 32 |
>>>> Alan |
| 33 |
>>>> |
| 34 |
>>> |
| 35 |
>>> I've been following this thread and thinking the same thing but |
| 36 |
>>> wasn't sure. |
| 37 |
>>> |
| 38 |
>>> What if you invoke the shell directly instead of the script, either: |
| 39 |
>>> /bin/sh -c "<path to script>" or /bin/sh -c "$(cat <script>)"? |
| 40 |
>>> |
| 41 |
>>> If procmail uses the system() call to launch the script it won't work |
| 42 |
>>> but if it uses fork()/exec() or similar I think that it should work. |
| 43 |
> |
| 44 |
>> I don't know how procmail is launching scripts so I don't know if |
| 45 |
>> that what I say now makes sense. :-) |
| 46 |
> |
| 47 |
>> I tested if another regular user (lets call him user1) can execute |
| 48 |
>> scripts that are owned by nologinuser. It works as long as the path |
| 49 |
>> and the script itself are readable and executable by user1. |
| 50 |
>> If the script is writing stuff into /home/nologinuser then it is |
| 51 |
>> also necessary that the home directory is writable by user1. |
| 52 |
> |
| 53 |
>> Of course user1 hasn't executed the script as nologinuser. I don't |
| 54 |
>> know if procmail is doing so. |
| 55 |
> |
| 56 |
>> -- |
| 57 |
>> Regards |
| 58 |
>> wabe |
| 59 |
> |
| 60 |
> |
| 61 |
> Yes, you can execute any scripts as long as you have permissions. A program |
| 62 |
> can use the exec() family of functions to do that. But if the program calls |
| 63 |
> the system() function or similar it will try to use the user shell to execute |
| 64 |
> the command. If the shell is nologin it will refuse to do so. |
| 65 |
> |
| 66 |
> |
| 67 |
|
| 68 |
That's not actually true either. The system(3) function is defined to |
| 69 |
create a child process using fork(2), then execute the specified command |
| 70 |
using execl(3) as follows: |
| 71 |
|
| 72 |
execl("/bin/sh", "sh", "-c", command, (char *) 0); |
| 73 |
|
| 74 |
Note that this is not dependent on the user's normal shell, the shell |
| 75 |
/bin/sh is *always* used. |
| 76 |
|
| 77 |
-- |
| 78 |
Jonathan Callen |
Archives