| 1 |
Fernando Rodriguez <cyklonite@×××××.com> wrote: |
| 2 |
|
| 3 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 4 |
> Hash: SHA256 |
| 5 |
> |
| 6 |
> On 07/13/2016 07:10 AM, Alan McKinnon wrote: |
| 7 |
> > On 12/07/2016 03:47, jens w wrote: |
| 8 |
> >> .procmailrc |
| 9 |
> >> :0 c |
| 10 |
> >> * !^X-Loop: name@×××××××.com |
| 11 |
> >> | formail -X "From:" | $HOME/bin/script.sh |
| 12 |
> >> |
| 13 |
> >> procmail.log |
| 14 |
> >> procmail: Executing " formail -X "From:" | $HOME/bin/script.sh |
| 15 |
> >> |
| 16 |
> >> for incoming mail, a script is executed. logfile has the same |
| 17 |
> >> entry as it is in other users. but the script do nothing. |
| 18 |
> >> |
| 19 |
> >> How executing a command as a nologin user? |
| 20 |
> >> |
| 21 |
> > |
| 22 |
> > |
| 23 |
> > You can't, not the way you are doing it. |
| 24 |
> > You want to launch a shell script for the user, but the user's |
| 25 |
> > shell is /sbin/nologin. This exits immediately without launching |
| 26 |
> > the script. |
| 27 |
> > |
| 28 |
> > Give the user a real shell. |
| 29 |
> > |
| 30 |
> > Alan |
| 31 |
> > |
| 32 |
> |
| 33 |
> I've been following this thread and thinking the same thing but |
| 34 |
> wasn't sure. |
| 35 |
|
| 36 |
I don't think so. To proof it, I created this user: |
| 37 |
|
| 38 |
nologinuser:x:1015:1016::/home/nologinuser:/sbin/nologin |
| 39 |
|
| 40 |
Then I created this script: |
| 41 |
|
| 42 |
#!/bin/sh |
| 43 |
# |
| 44 |
date >> /home/nologinuser/envars.txt |
| 45 |
echo $HOME >> /home/nologinuser/envars.txt |
| 46 |
echo $PATH >> /home/nologinuser/envars.txt |
| 47 |
echo "-----------------------" >> /home/nologinuser/envars.txt |
| 48 |
|
| 49 |
I stored it as /var/script-nologinuser/testscript.sh. I had to store |
| 50 |
it at this place because /home is mounted with the noexec option on |
| 51 |
my system. |
| 52 |
|
| 53 |
|
| 54 |
Then I created a cronjob for the nologinuser user: |
| 55 |
|
| 56 |
*/2 * * * * /var/script-nologinuser/testscript.sh |
| 57 |
|
| 58 |
|
| 59 |
The result is the file /home/nologinuser/envars.txt with this |
| 60 |
content: |
| 61 |
|
| 62 |
Wed Jul 13 18:10:01 CEST 2016 |
| 63 |
/home/nologinuser |
| 64 |
/usr/bin:/bin |
| 65 |
----------------------- |
| 66 |
Wed Jul 13 18:12:01 CEST 2016 |
| 67 |
/home/nologinuser |
| 68 |
/usr/bin:/bin |
| 69 |
----------------------- |
| 70 |
|
| 71 |
|
| 72 |
The ownership and the rights for /home/nologinuser/, |
| 73 |
/var/script-nologinuser/ and /var/script-nologinuser/testscript.sh |
| 74 |
are nologinuser:nologinuser and 700. |
| 75 |
|
| 76 |
So it seems, that it is possible to execute scripts without setting |
| 77 |
a shell in /etc/passwd. |
| 78 |
|
| 79 |
I don't know why it doesn't work for jens w. |
| 80 |
|
| 81 |
-- |
| 82 |
Regards |
| 83 |
wabe |
Archives