On 13/07/2016 19:05, wabe wrote:
> Alan McKinnon <alan.mckinnon@×××××.com> wrote:
>
>> On 13/07/2016 18:42, wabe wrote:
>>> Fernando Rodriguez <cyklonite@×××××.com> wrote:
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA256
>>>>
>>>> On 07/13/2016 07:10 AM, Alan McKinnon wrote:
>>>>> On 12/07/2016 03:47, jens w wrote:
>>>>>> .procmailrc
>>>>>> :0 c
>>>>>> * !^X-Loop: name@×××××××.com
>>>>>> | formail -X "From:" | $HOME/bin/script.sh
>>>>>>
>>>>>> procmail.log
>>>>>> procmail: Executing " formail -X "From:" | $HOME/bin/script.sh
>>>>>>
>>>>>> for incoming mail, a script is executed. logfile has the same
>>>>>> entry as it is in other users. but the script does nothing.
>>>>>>
>>>>>> How do I execute a command as a nologin user?
>>>>>>
>>>>>
>>>>> You can't, not the way you are doing it.
>>>>> You want to launch a shell script for the user, but the user's
>>>>> shell is /sbin/nologin. This exits immediately without launching
>>>>> the script.
>>>>>
>>>>> Give the user a real shell.
>>>>>
>>>>> Alan
>>>>>
>>>>
>>>> I've been following this thread and thinking the same thing but
>>>> wasn't sure.
>>>
>>> I don't think so. To prove it, I created this user:
>>>
>>> nologinuser:x:1015:1016::/home/nologinuser:/sbin/nologin
>>>
>>> Then I created this script:
>>>
>>> #!/bin/sh
>>> #
>>> date >> /home/nologinuser/envars.txt
>>> echo $HOME >> /home/nologinuser/envars.txt
>>> echo $PATH >> /home/nologinuser/envars.txt
>>> echo "-----------------------" >> /home/nologinuser/envars.txt
>>>
>>> I stored it as /var/script-nologinuser/testscript.sh. I had to store
>>> it at this place because /home is mounted with the noexec option on
>>> my system.
>>>
>>> Then I created a cronjob for the nologinuser user:
>>>
>>> */2 * * * * /var/script-nologinuser/testscript.sh
>>>
>>> The result is the file /home/nologinuser/envars.txt with this
>>> content:
>>>
>>> Wed Jul 13 18:10:01 CEST 2016
>>> /home/nologinuser
>>> /usr/bin:/bin
>>> -----------------------
>>> Wed Jul 13 18:12:01 CEST 2016
>>> /home/nologinuser
>>> /usr/bin:/bin
>>> -----------------------
>>>
>>> The ownership and the rights for /home/nologinuser/,
>>> /var/script-nologinuser/ and /var/script-nologinuser/testscript.sh
>>> are nologinuser:nologinuser and 700.
>>>
>>> So it seems that it is possible to execute scripts without setting
>>> a shell in /etc/passwd.
>>>
>>> I don't know why it doesn't work for jens w.
>>
>> Not so. Your script is launched by cron, running as root. It starts a
>> non-interactive no-login shell (that's why people have infernal
>> trouble with cron, assuming it has a $PATH when it actually has none)
>
> Ok, this seems to make sense. I did another test to make sure that
> it works also when the script isn't executed directly by crontab.
> I'm not sure if this is a real proof, because the "execution chain" is
> started by cron.
>
> I renamed /var/script-nologinuser/testscript.sh to
> /var/script-nologinuser/testscript-2.sh and created a script
> /var/script-nologinuser/testscript.sh with this content:
>
> #!/bin/sh
> #
> /var/script-nologinuser/testscript-2.sh
>
> It also worked.

I think in that circumstance, cron forks and execs an sh process in a
non-interactive non-login shell, so it works out OK.

Now to get procmail to do the same

Alan
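
The difference the thread is circling, as an added example that is not part of any poster's message: procmail passes an action line containing shell metacharacters (the `|` in the recipe) to `$SHELL -c`, with SHELL defaulting to the account's login shell, whereas cron runs jobs with /bin/sh unless the crontab sets SHELL. The stand-in nologin script, the temp paths, the function names, and the grep/cat substitutes for formail and script.sh are constructed for the demo.

```shell
#!/bin/sh
# Added illustration (not from the thread). The stand-in "nologin"
# script, the temp paths and the function names are constructed.

# Build a stand-in for /sbin/nologin: print a refusal, exit non-zero,
# and ignore any -c argument, as the real program does.
make_fake_nologin() {
    cat > "$1/nologin" <<'EOF'
#!/bin/sh
echo "This account is currently not available."
exit 1
EOF
    chmod 700 "$1/nologin"
}

# Emulate the hand-off: the message arrives on stdin and the action
# line is run as "$SHELL -c 'line'".
run_action() {
    printf 'From: a@example.invalid\nSubject: constructed\n\nbody\n' |
        "$1" -c "$2" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d) || return 2
    make_fake_nologin "$work"
    # grep and cat stand in for formail and script.sh from the recipe.
    action="grep '^From:' | cat > '$work/out.txt'"

    # SHELL taken from the passwd entry: the pipeline is never started.
    run_action "$work/nologin" "$action" || true
    [ -e "$work/out.txt" ] && nologin_ran=yes || nologin_ran=no

    # SHELL=/bin/sh, as cron defaults to and as .procmailrc can assign.
    run_action /bin/sh "$action" || true
    [ -s "$work/out.txt" ] && sh_ran=yes || sh_ran=no

    rm -rf "$work"
    echo "nologin_ran=$nologin_ran sh_ran=$sh_ran"
}

demo
```

For a service account kept on /sbin/nologin, the corresponding change is a `SHELL=/bin/sh` assignment at the top of `.procmailrc`, which leaves interactive login disabled.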