Alan McKinnon <alan.mckinnon@×××××.com> wrote:

> On 13/07/2016 18:42, wabe wrote:
> > Fernando Rodriguez <cyklonite@×××××.com> wrote:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA256
> >>
> >> On 07/13/2016 07:10 AM, Alan McKinnon wrote:
> >>> On 12/07/2016 03:47, jens w wrote:
> >>>> .procmailrc
> >>>> :0 c
> >>>> * !^X-Loop: name@×××××××.com
> >>>> | formail -X "From:" | $HOME/bin/script.sh
> >>>>
> >>>> procmail.log
> >>>> procmail: Executing " formail -X "From:" | $HOME/bin/script.sh
> >>>>
> >>>> For incoming mail, a script is executed. The logfile has the same
> >>>> entry as it has for other users, but the script does nothing.
> >>>>
> >>>> How do I execute a command as a nologin user?
> >>>>
> >>>
> >>>
> >>> You can't, not the way you are doing it.
> >>> You want to launch a shell script for the user, but the user's
> >>> shell is /sbin/nologin. This exits immediately without launching
> >>> the script.
> >>>
> >>> Give the user a real shell.
> >>>
> >>> Alan
> >>>
> >>
> >> I've been following this thread and thinking the same thing but
> >> wasn't sure.
> >
> > I don't think so. To prove it, I created this user:
> >
> > nologinuser:x:1015:1016::/home/nologinuser:/sbin/nologin
> >
> > Then I created this script:
> >
> > #!/bin/sh
> > #
> > date >> /home/nologinuser/envars.txt
> > echo $HOME >> /home/nologinuser/envars.txt
> > echo $PATH >> /home/nologinuser/envars.txt
> > echo "-----------------------" >> /home/nologinuser/envars.txt
> >
> > I stored it as /var/script-nologinuser/testscript.sh. I had to store
> > it at this place because /home is mounted with the noexec option on
> > my system.
> >
> >
> > Then I created a cronjob for the nologinuser user:
> >
> > */2 * * * * /var/script-nologinuser/testscript.sh
> >
> >
> > The result is the file /home/nologinuser/envars.txt with this
> > content:
> >
> > Wed Jul 13 18:10:01 CEST 2016
> > /home/nologinuser
> > /usr/bin:/bin
> > -----------------------
> > Wed Jul 13 18:12:01 CEST 2016
> > /home/nologinuser
> > /usr/bin:/bin
> > -----------------------
> >
> >
> > The ownership and the rights for /home/nologinuser/,
> > /var/script-nologinuser/ and /var/script-nologinuser/testscript.sh
> > are nologinuser:nologinuser and 700.
> >
> > So it seems that it is possible to execute scripts without setting
> > a shell in /etc/passwd.
> >
> > I don't know why it doesn't work for jens w.
>
>
> Not so. Your script is launched by cron, running as root. It starts a
> non-interactive no-login shell (that's why people have infernal
> trouble with cron, assuming it has a $PATH when it actually has none)

Ok, this seems to make sense. I did another test to make sure that
it works also when the script isn't executed directly by crontab.
I'm not sure if this is a real proof, because the "execution chain" is
started by cron.

I renamed /var/script-nologinuser/testscript.sh to
/var/script-nologinuser/testscript-2.sh and created a script
/var/script-nologinuser/testscript.sh with this content:

#!/bin/sh
#
/var/script-nologinuser/testscript-2.sh


It also worked.

--
Regards
wabe
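
The mechanism this thread is testing, as an added example that is not part of the original messages: the passwd shell field only stops a job when the launcher runs the job through that shell. It assumes cron's documented default of SHELL=/bin/sh (crontab(5)), uses /bin/false as a stand-in where no nologin binary is installed, and all function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical.

# Constructed passwd entry, same shape as the one quoted in the thread.
PASSWD_LINE='nologinuser:x:1015:1016::/home/nologinuser:/sbin/nologin'

# Field 7 of a passwd entry is the login shell.
passwd_shell() {
    printf '%s\n' "$1" | cut -d: -f7
}

# Locate a refusing "shell" on this machine. /bin/false is an assumed
# stand-in where no nologin binary is installed.
refusing_shell() {
    for c in /sbin/nologin /usr/sbin/nologin /bin/false /usr/bin/false; do
        if [ -x "$c" ]; then printf '%s\n' "$c"; return 0; fi
    done
    return 1
}

# Run a job the way a launcher does: "$shell" -c "$job".
# Prints "ran" if the job left its marker file behind, else "blocked".
launch_via() {
    shell=$1
    work=$(mktemp -d) || return 1
    "$shell" -c "date > '$work/marker'" >/dev/null 2>&1 || true
    if [ -s "$work/marker" ]; then result=ran; else result=blocked; fi
    rm -rf "$work"
    printf '%s\n' "$result"
}

demo() {
    login_shell=$(passwd_shell "$PASSWD_LINE")
    # Fall back to an installed equivalent if this path does not exist here.
    [ -x "$login_shell" ] || login_shell=$(refusing_shell)
    # cron hands jobs to /bin/sh by default (SHELL in crontab(5)), so the
    # passwd shell is never consulted.
    echo "via /bin/sh -c:        $(launch_via /bin/sh)"
    # A launcher that uses the account's own shell ("su - user -c", or
    # procmail, whose SHELL variable defaults to the login shell) is refused.
    echo "via $login_shell -c: $(launch_via "$login_shell")"
}
demo
```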