| 1 |
Alan McKinnon <alan.mckinnon@×××××.com> wrote: |
| 2 |
|
| 3 |
> On 13/07/2016 18:42, wabe wrote: |
| 4 |
> > Fernando Rodriguez <cyklonite@×××××.com> wrote: |
| 5 |
> > |
| 6 |
> >> -----BEGIN PGP SIGNED MESSAGE----- |
| 7 |
> >> Hash: SHA256 |
| 8 |
> >> |
| 9 |
> >> On 07/13/2016 07:10 AM, Alan McKinnon wrote: |
| 10 |
> >>> On 12/07/2016 03:47, jens w wrote: |
| 11 |
> >>>> .procmailrc |
| 12 |
> >>>> :0 c |
| 13 |
> >>>> * !^X-Loop: name@×××××××.com |
| 14 |
> >>>> | formail -X "From:" | $HOME/bin/script.sh |
| 15 |
> >>>> |
| 16 |
> >>>> procmail.log |
| 17 |
> >>>> procmail: Executing " formail -X "From:" | $HOME/bin/script.sh |
| 18 |
> >>>> |
| 19 |
> >>>> for incoming mail, a script is executed. logfile has the same |
| 20 |
> >>>> entry as it is in other users. but the script do nothing. |
| 21 |
> >>>> |
| 22 |
> >>>> How executing a command as a nologin user? |
| 23 |
> >>>> |
| 24 |
> >>> |
| 25 |
> >>> |
| 26 |
> >>> You can't, not the way you are doing it. |
| 27 |
> >>> You want to launch a shell script for the user, but the user's |
| 28 |
> >>> shell is /sbin/nologin. This exits immediately without launching |
| 29 |
> >>> the script. |
| 30 |
> >>> |
| 31 |
> >>> Give the user a real shell. |
| 32 |
> >>> |
| 33 |
> >>> Alan |
| 34 |
> >>> |
| 35 |
> >> |
| 36 |
> >> I've been following this thread and thinking the same thing but |
| 37 |
> >> wasn't sure. |
| 38 |
> > |
| 39 |
> > I don't think so. To proof it, I created this user: |
| 40 |
> > |
| 41 |
> > nologinuser:x:1015:1016::/home/nologinuser:/sbin/nologin |
| 42 |
> > |
| 43 |
> > Then I created this script: |
| 44 |
> > |
| 45 |
> > #!/bin/sh |
| 46 |
> > # |
| 47 |
> > date >> /home/nologinuser/envars.txt |
| 48 |
> > echo $HOME >> /home/nologinuser/envars.txt |
| 49 |
> > echo $PATH >> /home/nologinuser/envars.txt |
| 50 |
> > echo "-----------------------" >> /home/nologinuser/envars.txt |
| 51 |
> > |
| 52 |
> > I stored it as /var/script-nologinuser/testscript.sh. I had to store |
| 53 |
> > it at this place because /home is mounted with the noexec option on |
| 54 |
> > my system. |
| 55 |
> > |
| 56 |
> > |
| 57 |
> > Then I created a cronjob for the nologinuser user: |
| 58 |
> > |
| 59 |
> > */2 * * * * /var/script-nologinuser/testscript.sh |
| 60 |
> > |
| 61 |
> > |
| 62 |
> > The result is the file /home/nologinuser/envars.txt with this |
| 63 |
> > content: |
| 64 |
> > |
| 65 |
> > Wed Jul 13 18:10:01 CEST 2016 |
| 66 |
> > /home/nologinuser |
| 67 |
> > /usr/bin:/bin |
| 68 |
> > ----------------------- |
| 69 |
> > Wed Jul 13 18:12:01 CEST 2016 |
| 70 |
> > /home/nologinuser |
| 71 |
> > /usr/bin:/bin |
| 72 |
> > ----------------------- |
| 73 |
> > |
| 74 |
> > |
| 75 |
> > The ownership and the rights for /home/nologinuser/, |
| 76 |
> > /var/script-nologinuser/ and /var/script-nologinuser/testscript.sh |
| 77 |
> > are nologinuser:nologinuser and 700. |
| 78 |
> > |
| 79 |
> > So it seems, that it is possible to execute scripts without setting |
| 80 |
> > a shell in /etc/passwd. |
| 81 |
> > |
| 82 |
> > I don't know why it doesn't work for jens w. |
| 83 |
> |
| 84 |
> |
| 85 |
> Not so. Your script is launched by cron, running as root. It starts a |
| 86 |
> non-interactive no-login shell (that's why people have infernal |
| 87 |
> trouble with cron, assuming it has a $PATH when it actually has none) |
| 88 |
|
| 89 |
Ok, this seems to make sense. I did another test to make sure that |
| 90 |
it works also when the script isn't executed directly by crontab. |
| 91 |
I'm not sure if this is a real proof, because the "execution chain" is |
| 92 |
started by cron. |
| 93 |
|
| 94 |
I renamed /var/script-nologinuser/testscript.sh to |
| 95 |
/var/script-nologinuser/testscript-2.sh and created a script |
| 96 |
/var/script-nologinuser/testscript.sh with this content: |
| 97 |
|
| 98 |
#!/bin/sh |
| 99 |
# |
| 100 |
/var/script-nologinuser/testscript-2.sh |
| 101 |
|
| 102 |
|
| 103 |
It also worked. |
| 104 |
|
| 105 |
-- |
| 106 |
Regards |
| 107 |
wabe |
Archives