On 07/14/2016 09:36 PM, Jonathan Callen wrote:
> On 07/14/2016 05:19 PM, Fernando Rodriguez wrote:
>> On 07/13/2016 01:41 PM, wabe wrote:
>>> Fernando Rodriguez <cyklon...@gmail.com> wrote:
>>
>>>> On 07/13/2016 07:10 AM, Alan McKinnon wrote:
>>>>> On 12/07/2016 03:47, jens w wrote:
>>>>>> .procmailrc
>>>>>> :0 c
>>>>>> * !^X-Loop: n...@example.com
>>>>>> | formail -X "From:" | $HOME/bin/script.sh
>>>>>>
>>>>>> procmail.log
>>>>>> procmail: Executing " formail -X "From:" | $HOME/bin/script.sh
>>>>>>
>>>>>> for incoming mail, a script is executed. logfile has the same
>>>>>> entry as it is in other users. but the script does nothing.
>>>>>>
>>>>>> How do I execute a command as a nologin user?
>>>>>>
>>>>>
>>>>>
>>>>> You can't, not the way you are doing it.
>>>>> You want to launch a shell script for the user, but the user's
>>>>> shell is /sbin/nologin. This exits immediately without launching
>>>>> the script.
>>>>>
>>>>> Give the user a real shell.
>>>>>
>>>>> Alan
>>>>>
>>>>
>>>> I've been following this thread and thinking the same thing but
>>>> wasn't sure.
>>>>
>>>> What if you invoke the shell directly instead of the script, either:
>>>> /bin/sh -c "<path to script>" or /bin/sh -c "$(cat <script>)"?
>>>>
>>>> If procmail uses the system() call to launch the script it won't work
>>>> but if it uses fork()/exec() or similar I think that it should work.
>>
>>> I don't know how procmail is launching scripts so I don't know if
>>> what I say now makes sense. :-)
>>
>>> I tested if another regular user (let's call him user1) can execute
>>> scripts that are owned by nologinuser. It works as long as the path
>>> and the script itself are readable and executable by user1.
>>> If the script is writing stuff into /home/nologinuser then it is
>>> also necessary that the home directory is writable by user1.
>>
>>> Of course user1 hasn't executed the script as nologinuser. I don't
>>> know if procmail is doing so.
>>
>>> --
>>> Regards
>>> wabe
>>
>>
>> Yes, you can execute any scripts as long as you have permissions. A program
>> can use the exec() family of functions to do that. But if the program calls
>> the system() function or similar it will try to use the user shell to execute
>> the command. If the shell is nologin it will refuse to do so.
>>
>>
>
> That's not actually true either. The system(3) function is defined to
> create a child process using fork(2), then execute the specified command
> using execl(3) as follows:
>
>     execl("/bin/sh", "sh", "-c", command, (char *) 0);
>
> Note that this is not dependent on the user's normal shell, the shell
> /bin/sh is *always* used.
>

You're right, thanks. And I checked procmail and it tries execvp() first and
if that fails it execv()s /bin/sh with the command as arguments so we're
probably barking up the wrong tree.
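
Added example, not part of the original thread and not procmail's code: a small C program that checks the point made above, that system(3) runs the command through /bin/sh and ignores the account's login shell. The helper names `run_with_shell` and `system_ignoring_login_shell` are hypothetical, and /bin/sh is assumed to exist.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run `command` the way system(3) is defined to: fork, then
 * execl(shell, "sh", "-c", command, NULL). Returns the exit status,
 * 127 if the shell could not be executed, -1 on fork/wait failure. */
int run_with_shell(const char *shell, const char *command)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl(shell, "sh", "-c", command, (char *)0);
        _exit(127);                      /* exec of the shell failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Call system(3) with $SHELL pointing at a nologin shell, to show that
 * $SHELL is not consulted (the passwd entry is not consulted either). */
int system_ignoring_login_shell(const char *command)
{
    setenv("SHELL", "/sbin/nologin", 1);
    int status = system(command);
    if (status == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    struct passwd *pw = getpwuid(getuid());
    const char *login_shell = (pw && pw->pw_shell[0]) ? pw->pw_shell : "/bin/sh";

    printf("passwd shell      : %s\n", login_shell);
    printf("system(\"exit 7\")  : %d\n", system_ignoring_login_shell("exit 7"));
    printf("/bin/sh -c exit 7 : %d\n", run_with_shell("/bin/sh", "exit 7"));
    /* What a launcher would get if it used the account's own shell;
     * for a nologin account this is that shell's own exit status. */
    printf("login shell -c    : %d\n", run_with_shell(login_shell, "exit 7"));
    return 0;
}
```

Run as the nologin account (for example from a test delivery), the first two results stay at 7 while only the last line reflects the account's shell.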