On 07/13/2016 01:41 PM, wabe wrote:
> Fernando Rodriguez <cyklonite@×××××.com> wrote:
>
>> On 07/13/2016 07:10 AM, Alan McKinnon wrote:
>>> On 12/07/2016 03:47, jens w wrote:
>>>> .procmailrc
>>>> :0 c
>>>> * !^X-Loop: name@×××××××.com
>>>> | formail -X "From:" | $HOME/bin/script.sh
>>>>
>>>> procmail.log
>>>> procmail: Executing " formail -X "From:" | $HOME/bin/script.sh
>>>>
>>>> For incoming mail, a script is executed. The logfile has the same
>>>> entry as it has for other users, but the script does nothing.
>>>>
>>>> How do I execute a command as a nologin user?
>>>>
>>>
>>> You can't, not the way you are doing it.
>>> You want to launch a shell script for the user, but the user's
>>> shell is /sbin/nologin. This exits immediately without launching
>>> the script.
>>>
>>> Give the user a real shell.
>>>
>>> Alan
>>>
>>
>> I've been following this thread and thinking the same thing but
>> wasn't sure.
>>
>> What if you invoke the shell directly instead of the script, either:
>> /bin/sh -c "<path to script>" or /bin/sh -c "$(cat <script>)"?
>>
>> If procmail uses the system() call to launch the script it won't work
>> but if it uses fork()/exec() or similar I think that it should work.
>
> I don't know how procmail is launching scripts so I don't know if
> what I say now makes sense. :-)
>
> I tested if another regular user (let's call him user1) can execute
> scripts that are owned by nologinuser. It works as long as the path
> and the script itself are readable and executable by user1.
> If the script is writing stuff into /home/nologinuser then it is
> also necessary that the home directory is writable by user1.
>
> Of course user1 hasn't executed the script as nologinuser. I don't
> know if procmail is doing so.
>
> --
> Regards
> wabe
>

Yes, you can execute any scripts as long as you have permissions. A program
can use the exec() family of functions to do that. But if the program calls
the system() function or similar it will try to use the user shell to execute
the command. If the shell is nologin it will refuse to do so.
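
The distinction discussed in this thread, as an added example that is not part of the original messages and not procmail's code: a launcher that passes the command line to the account's login shell gets nothing executed when that shell refuses, while a direct fork()/exec() never consults the login shell. The function names are hypothetical, and `false` is used as a constructed stand-in for /sbin/nologin so the demo runs on any POSIX system.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* exec argv directly in a child; the account's login shell is never consulted.
 * Returns the child's exit status, 127 if exec failed, -1 on fork/wait error. */
int run_direct(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                      /* only reached if exec failed */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Hand the command line to a login shell as "<shell> -c <cmdline>". A shell
 * such as nologin ignores -c and exits non-zero, so cmdline never runs. */
int run_via_login_shell(const char *shell, const char *cmdline) {
    char *argv[] = { (char *)shell, "-c", (char *)cmdline, NULL };
    return run_direct(argv);
}

/* Login shell recorded in the passwd database for a uid, or NULL. */
const char *login_shell_of(uid_t uid) {
    struct passwd *pw = getpwuid(uid);
    return pw ? pw->pw_shell : NULL;
}

int main(void) {
    /* Constructed demo: "false" stands in for /sbin/nologin. */
    char *direct[] = { "sh", "-c", "echo ran directly", NULL };
    const char *mine = login_shell_of(getuid());
    printf("passwd login shell for this uid: %s\n", mine ? mine : "(none)");
    fflush(stdout);
    printf("via sh:    %d\n", run_via_login_shell("sh", "echo ran via shell"));
    printf("via false: %d\n", run_via_login_shell("false", "echo never runs"));
    printf("direct:    %d\n", run_direct(direct));
    return 0;
}
```

A nologin shell therefore only blocks launchers that go through it; what the account can execute is still governed by file permissions.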