| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA256 |
| 3 |
|
| 4 |
On 07/13/2016 01:41 PM, wabe wrote: |
| 5 |
> Fernando Rodriguez <cyklonite@×××××.com> wrote: |
| 6 |
> |
| 7 |
>> -----BEGIN PGP SIGNED MESSAGE----- |
| 8 |
>> Hash: SHA256 |
| 9 |
>> |
| 10 |
>> On 07/13/2016 07:10 AM, Alan McKinnon wrote: |
| 11 |
>>> On 12/07/2016 03:47, jens w wrote: |
| 12 |
>>>> .procmailrc |
| 13 |
>>>> :0 c |
| 14 |
>>>> * !^X-Loop: name@×××××××.com |
| 15 |
>>>> | formail -X "From:" | $HOME/bin/script.sh |
| 16 |
>>>> |
| 17 |
>>>> procmail.log |
| 18 |
>>>> procmail: Executing " formail -X "From:" | $HOME/bin/script.sh |
| 19 |
>>>> |
| 20 |
>>>> for incoming mail, a script is executed. logfile has the same |
| 21 |
>>>> entry as it is in other users. but the script do nothing. |
| 22 |
>>>> |
| 23 |
>>>> How executing a command as a nologin user? |
| 24 |
>>>> |
| 25 |
>>> |
| 26 |
>>> |
| 27 |
>>> You can't, not the way you are doing it. |
| 28 |
>>> You want to launch a shell script for the user, but the user's |
| 29 |
>>> shell is /sbin/nologin. This exits immediately without launching |
| 30 |
>>> the script. |
| 31 |
>>> |
| 32 |
>>> Give the user a real shell. |
| 33 |
>>> |
| 34 |
>>> Alan |
| 35 |
>>> |
| 36 |
>> |
| 37 |
>> I've been following this thread and thinking the same thing but |
| 38 |
>> wasn't sure. |
| 39 |
>> |
| 40 |
>> What if you invoke the shell directly instead of the script, either: |
| 41 |
>> /bin/sh -c "<path to script>" or /bin/sh -c "$(cat <script>)"? |
| 42 |
>> |
| 43 |
>> If procmail uses the system() call to launch the script it won't work |
| 44 |
>> but if it uses fork()/exec() or similar I think that it should work. |
| 45 |
> |
| 46 |
> I don't know how procmail is launching scripts so I don't know if |
| 47 |
> that what I say now makes sense. :-) |
| 48 |
> |
| 49 |
> I tested if another regular user (lets call him user1) can execute |
| 50 |
> scripts that are owned by nologinuser. It works as long as the path |
| 51 |
> and the script itself are readable and executable by user1. |
| 52 |
> If the script is writing stuff into /home/nologinuser then it is |
| 53 |
> also necessary that the home directory is writable by user1. |
| 54 |
> |
| 55 |
> Of course user1 hasn't executed the script as nologinuser. I don't |
| 56 |
> know if procmail is doing so. |
| 57 |
> |
| 58 |
> -- |
| 59 |
> Regards |
| 60 |
> wabe |
| 61 |
> |
| 62 |
|
| 63 |
Yes, you can execute any scripts as long as you have permissions. A program |
| 64 |
can use the exec() family of functions to do that. But if the program calls |
| 65 |
the system() function or similar it will try to use the user shell to execute |
| 66 |
the command. If the shell is nologin it will refuse to do so. |
| 67 |
-----BEGIN PGP SIGNATURE----- |
| 68 |
Version: GnuPG v2 |
| 69 |
|
| 70 |
iQIcBAEBCAAGBQJXiAHpAAoJEPbOFX/5UlwciFIQAIjuF7FyCK5LSfJDuaF9TD4F |
| 71 |
nCDABuUVQzfAKX6EneNu40EPWsgs86xFjJqOI1tDAjC0lBWzKIZnX72fR/vSylHP |
| 72 |
qCTPCNJzFCaZ6ofjcUFfwtFDLxR2esgyCD4YUxHkQlATutzmx9kPwT/j7nxOILr0 |
| 73 |
udGYZVxJqfLLm6KL4NHOYwBe2rMMlXVQpwLoqfGffVJnJpQokZfYhgNYOaibvtMz |
| 74 |
K8rO+9EqD4w6JBiRZOI2LVZ/+mCz/jwrLPToNaeENI2M9+kzzRalOecbQkghDSvT |
| 75 |
rCHdgllPQJlL88I1ZaBIYcL9cbuWKrwxQDjpF5WtOlD/E9GBT4pI2IaDvIyCBCrb |
| 76 |
lo3gWxxwZUHhIY491Y0f+BxsFsf8K2isu3I98+1zIhAXyDV5RKQGnHeRfdt0dpLs |
| 77 |
YVko24UHw4MV+6byC1pgQ3NUHgq/tQ4adzLJRnxuPq6qxVdyCcs1IQglqLfvUGFV |
| 78 |
H6EaJNFhOP9SyGtlAIBBCD3rRnLeWHKM01hcm2uUqgpH7WujWekTY1Mv8HOesXTd |
| 79 |
htpvRaC8DghUz6rxK7+qsX5fm+FTQmx8v9yrPFLUvMmkdsiLUEZJfgySwlvYoBIg |
| 80 |
7JHpPSI5lASuGkYoDA2mExPZmVKdmHBH2rMbrrZzEun5FFJMsPNa0yevcfs1XHdJ |
| 81 |
GOAGe/y4+oMib0gkFKde |
| 82 |
=T1mF |
| 83 |
-----END PGP SIGNATURE----- |
Archives