Making root run fetchmail as a user?
I would like to make fetchmail run as a user rather than root when run via my /etc/ppp/ip-up.d/fetchmail-up script Here is what I tried to do to get fetchmail to run as user mail: Make a home directory for user mail - /home/mail set the owner and group for this directory to mail chown mail /usr/bin/fetchmail chgrp mail /usr/bin/fetchmail chmod 4755 /usr/bin/fetchmail This makes the binary run as user mail despite who calls it (including root) create a .fetchmailrc file in the home directory of user mail Edit the /etc/ppp/ip-up.d/fetchmail-up script Edit the /etc/ppp/ip-down.d/fetchmail-down script This didn't work. I also tried calling fetchmail with the --fetchmailrc and --idfile options set appropriately. And this didn't work either. I wanted to do it this way 'cause I thought it would be more secure - ie less things running as root the better. But I guess its not possible to be cracked via fetchmail since it doesn't accept connections, it makes them itself. Any ideas 'cause it would be useful to know how to do it anyway. Regards. Mark.
Re: Making root run fetchmail as a user?
On Mon, 26 Mar 2001, Mark Devin wrote: I would like to make fetchmail run as a user rather than root when run via my /etc/ppp/ip-up.d/fetchmail-up script You should consider the possibility of trying that using the fetchmail from unstable. It is safer... (speaking as the maintainer for fetchmail). Make a home directory for user mail - /home/mail set the owner and group for this directory to mail chown mail /usr/bin/fetchmail chgrp mail /usr/bin/fetchmail chmod 4755 /usr/bin/fetchmail There are much easier ways. The one that strikes me as good for root is to run su mail /usr/bin/fetchmail You can even have fetchmail as the default shell for user mail, and call su mail - I think. man su will tell you more. In most PAM configurations, root can su to another user without any sort of autentication checks. OR, you could simply have cron calling fetchmail for user mail... I wanted to do it this way 'cause I thought it would be more secure - ie less things running as root the better. But I guess its not possible to be cracked via fetchmail since it doesn't accept connections, it makes them itself. I've never heard of anyone cracking fetchmail, but it is NOT crack-proof, and I think there are some potential buffer overflows in the code (there were in the past). An hostile server could attack fetchmail. If fetchmail is running as root, this _could_ lead to root compromise. Any ideas 'cause it would be useful to know how to do it anyway. Do keep in mind that if you run fetchmail as user 'mail', it cannot change uid to deliver mail as it would were it root. This does not make it impossible to do what you want, it is just something you have to take into account. I'll play around with the idea and maybe even add something like that to Debian's default fetchmail package. No promisses, though. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgptDRJQKjtLR.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
Henrique M Holschuh wrote: On Mon, 26 Mar 2001, Mark Devin wrote: I would like to make fetchmail run as a user rather than root when run via my /etc/ppp/ip-up.d/fetchmail-up script You should consider the possibility of trying that using the fetchmail from unstable. It is safer... (speaking as the maintainer for fetchmail). Yeah, I am running that one. There are much easier ways. The one that strikes me as good for root is to run su mail /usr/bin/fetchmail You can even have fetchmail as the default shell for user mail, and call su mail - I think. man su will tell you more. In most PAM configurations, root can su to another user without any sort of autentication checks. OR, you could simply have cron calling fetchmail for user mail... I've never heard of anyone cracking fetchmail, but it is NOT crack-proof, and I think there are some potential buffer overflows in the code (there were in the past). An hostile server could attack fetchmail. If fetchmail is running as root, this _could_ lead to root compromise. Any ideas 'cause it would be useful to know how to do it anyway. Do keep in mind that if you run fetchmail as user 'mail', it cannot change uid to deliver mail as it would were it root. This does not make it impossible to do what you want, it is just something you have to take into account. I'll play around with the idea and maybe even add something like that to Debian's default fetchmail package. No promisses, though. Hmmm. That was very enlightening. Thank you very much. However, I didn't realise that doing this would cause potential problems with delivering mail. Is this only if the mail needs to be delivered to another user? Because what Andrew Berger suggested was this: su - -c 'fetchmail' $USER ie if fetchmail is run as the user that ran the pon script then would it deliver the mail to the user OK but not other users? Thus if run as user mail then would it have more trouble delivering to the user who called the script even since he will have a different UID. Plus I tried that above and it still ran as root - I guess cause root called the script (via the pon script which was called by pppd which is suid root.) But then I tried this: su - -c 'fetchmail' mark and this worked fine and delivered the mail perfectly - but Nb. there is currently only one user on this system to deliver the mail to. Hmmm. Thanks again. Mark.
Re: Making root run fetchmail as a user?
On Mon, Mar 26, 2001 at 10:45:44PM +1000, Mark Devin wrote: I would like to make fetchmail run as a user rather than root when run via my /etc/ppp/ip-up.d/fetchmail-up script Here is what I tried to do to get fetchmail to run as user mail: Make a home directory for user mail - /home/mail set the owner and group for this directory to mail chown mail /usr/bin/fetchmail chgrp mail /usr/bin/fetchmail chmod 4755 /usr/bin/fetchmail ack don't do that. setuid bits only work to *elevate* privileges *NOT* droping them. if you don't believe me make a copy of /usr/bin/id and chown it to nobody:nogroup, and chmod 6755 it, then run it as root. all you have done is allow every local user to take over uid mail. (which i think exim might use) This makes the binary run as user mail despite who calls it (including root) create a .fetchmailrc file in the home directory of user mail Edit the /etc/ppp/ip-up.d/fetchmail-up script Edit the /etc/ppp/ip-down.d/fetchmail-down script This didn't work. I also tried calling fetchmail with the --fetchmailrc and --idfile options set appropriately. And this didn't work either. ok there are a few problems with this. first fetchmail behaves differently when run as root then as a user. when run as root it makes a pid file in /var/run and acts like any other daemon. when run as a user it looks for things in ~/ and otherwise behaves differently (see the man page). so making fetchmail run as a user but act like it does when run as root is somewhat tricky. if you want to properly change uids change the scripts that run it to use start-stop-daemon --chuid whoever. or use su -c. but you will still have to work out the other daemonization and behavior issues. I wanted to do it this way 'cause I thought it would be more secure - ie less things running as root the better. But I guess its not possible to be cracked via fetchmail since it doesn't accept connections, it makes them itself. i think the risk level is probably low, though its not non-existent, if there was a format string bug, or a buffer overflow in its pop or imap code then a hostile imap or pop server could potentially send something wacky back and compromise it. or even less likely some sort of flaw in its parsing of the mail it gets. Any ideas 'cause it would be useful to know how to do it anyway. i am not sure of everything you would have to do to make it replicate its root owned behavior as a non-root user, read the man pages and other documentation. but most importantly put those permisions on /usr/bin/fetchmail back how they were: root.root 0755. -- Ethan Benson http://www.alaska.net/~erbenson/ pgppDKSbt3Wcm.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
On Mon, 26 Mar 2001, Mark Devin wrote: However, I didn't realise that doing this would cause potential problems with delivering mail. Is this only if the mail needs to be delivered to another user? Yes. BTW, if your user 'mail' has 'mail' as it default group, AND since Debian uses a sgid mail spool by default, it should be able to deliver mail to anyone even if you are forcing fetchmail to call, say, procmail to do it. AND I should add that when talking SMTP to a MTA (i.e. you told fetchmail to deliver to a SMTP server), fetchmail can deliver email to anyone, regardless of the user it is being run as. Or at least it damn well should be able to do it... -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgprFpWaEvqR2.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
Why don't you try: su user -c cd ~ fetchmail --any-options-come-here in your scripts? --Marcus On Mon, Mar 26, 2001 at 10:45:44PM +1000, Mark Devin wrote: I would like to make fetchmail run as a user rather than root when run via my /etc/ppp/ip-up.d/fetchmail-up script Here is what I tried to do to get fetchmail to run as user mail: Make a home directory for user mail - /home/mail set the owner and group for this directory to mail chown mail /usr/bin/fetchmail chgrp mail /usr/bin/fetchmail chmod 4755 /usr/bin/fetchmail This makes the binary run as user mail despite who calls it (including root) create a .fetchmailrc file in the home directory of user mail Edit the /etc/ppp/ip-up.d/fetchmail-up script Edit the /etc/ppp/ip-down.d/fetchmail-down script This didn't work. I also tried calling fetchmail with the --fetchmailrc and --idfile options set appropriately. And this didn't work either. I wanted to do it this way 'cause I thought it would be more secure - ie less things running as root the better. But I guess its not possible to be cracked via fetchmail since it doesn't accept connections, it makes them itself. Any ideas 'cause it would be useful to know how to do it anyway. Regards. Mark. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- [EMAIL PROTECTED] http://www.antbear.org
Re: Making root run fetchmail as a user?
Henrique M Holschuh wrote: Yes. BTW, if your user 'mail' has 'mail' as it default group, AND since Debian uses a sgid mail spool by default, it should be able to deliver mail to anyone even if you are forcing fetchmail to call, say, procmail to do it. AND I should add that when talking SMTP to a MTA (i.e. you told fetchmail to deliver to a SMTP server), fetchmail can deliver email to anyone, regardless of the user it is being run as. Or at least it damn well should be able to do it... OK, I tried it. It seems to still not want to run. Here is what I did: 1. Copied my users .fetchids and .fetchmailrc files to /etc/ppp/ and changed the group and owner for them to mail 2. Changed my /etc/ppp/ip-up.d/fetchmail-up script to be as follows: #!/bin/sh su mail /usr/bin/fetchmail --fetchmailrc /etc/ppp/.fetchmailrc --idfile /etc/ppp/.fetchids It doesn't seem to want to run when I do this. What is wrong with this? Nb. I do not have a home directory for mail - just the default settings for the usual debian installation. ie my /etc/group file contains: mail:x:8:mark and my /etc/passwd file contains: mail:x:8:8:mail:/var/spool/mail:/bin/sh Regards. Mark.
Re: Making root run fetchmail as a user?
* Mark Devin [EMAIL PROTECTED], 20010326 16:26 +0200: Henrique M Holschuh wrote: On Mon, 26 Mar 2001, Mark Devin wrote: I would like to make fetchmail run as a user rather than root when run via my /etc/ppp/ip-up.d/fetchmail-up script [...] Because what Andrew Berger suggested was this: su - -c 'fetchmail' $USER Sorry, hit the wrong key so it went per PM. ie if fetchmail is run as the user that ran the pon script then would it deliver the mail to the user OK but not other users? Thus if run as user mail then would it have more trouble delivering to the user who called the script even since he will have a different UID. If you have more than one users, for i in $(ls /home); do su - -c 'fetchmail' $i; done Though running as user mail, as Henrique suggested, is way more elegant. It would be a great idea to have a solution for ppp users out of the box... Andre Berger[EMAIL PROTECTED]
Re: Making root run fetchmail as a user?
Hi Mark! On Tue, 27 Mar 2001, Mark Devin wrote: What is wrong with this? Nb. I do not have a home directory for mail - just the Run fetchmail -v and that might help you find the problem. And you do have a home directory for mail, but it is /var/spool/mail. You probably need a '-' somewhere in that su line, or you'll run as user mail with the environment settings for root (which might confuse fetchmail. I don't know for sure). Also, make damn sure user mail has group mail as its primary (default) group. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp2x5XKOPaLU.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
On Mon, 26 Mar 2001, Andre Berger wrote: Though running as user mail, as Henrique suggested, is way more elegant. It would be a great idea to have a solution for ppp users out of the box... There is one: /etc/fetchmailrc, and let it run as root. It is described in the README.Debian, and a default ip-up script that will work even if you have a ppp link and a local LAN is there as well. It is NOT the optimal setup, though. It is a setup that won't fail in misterious ways (it does produce cosmetic problems, such as a failure to start fetchmail during bootup if you don't have a DNS resolver at that time). -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpEsijZuNdiT.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
[EMAIL PROTECTED] (Mark Devin) writes: I would like to make fetchmail run as a user rather than root when run via my /etc/ppp/ip-up.d/fetchmail-up script Here is what I tried to do to get fetchmail to run as user mail: Make a home directory for user mail - /home/mail set the owner and group for this directory to mail chown mail /usr/bin/fetchmail chgrp mail /usr/bin/fetchmail chmod 4755 /usr/bin/fetchmail This makes the binary run as user mail despite who calls it (including root) create a .fetchmailrc file in the home directory of user mail Edit the /etc/ppp/ip-up.d/fetchmail-up script Edit the /etc/ppp/ip-down.d/fetchmail-down script This didn't work. I also tried calling fetchmail with the --fetchmailrc and --idfile options set appropriately. And this didn't work either. I wanted to do it this way 'cause I thought it would be more secure - ie less things running as root the better. But I guess its not possible to be cracked via fetchmail since it doesn't accept connections, it makes them itself. Any ideas 'cause it would be useful to know how to do it anyway. Forget all that (except the .fetchmailrc), just do this -- #!/bin/bash # /etc/ppp/ip-up.d/fetchmail-up # Check the mail. cd /home/mail su mail -c /usr/bin/fetchmail -d 900 -t 90 --silent --syslog # end /etc/ppp/ip-up.d/fetchmail-down #!/bin/bash # /etc/ppp/ip-down.d/fetchmail-down # Terminate fetching mail cd /home/mail su mail -c /usr/bin/fetchmail --quit # end /etc/ppp/ip-down.d/fetchmail-down -- * For God so loved the world that He gave his only begotten Son, * * that whoever believes in Him should not perish...John 3:16 *
Re: Making root run fetchmail as a user?
* Henrique M Holschuh [EMAIL PROTECTED], 20010326 18:44 +0200: On Mon, 26 Mar 2001, Andre Berger wrote: Though running as user mail, as Henrique suggested, is way more elegant. It would be a great idea to have a solution for ppp users out of the box... There is one: /etc/fetchmailrc, and let it run as root. It is described in the README.Debian, and a default ip-up script that will work even if you have a ppp link and a local LAN is there as well. It is NOT the optimal setup, though. It is a setup that won't fail in misterious ways (it does produce cosmetic problems, such as a failure to start fetchmail during bootup if you don't have a DNS resolver at that time). root would have to update this file whenever needed. Users can change their ~/.fetchmailrc on their own. Andre Berger[EMAIL PROTECTED]
Re: Making root run fetchmail as a user?
On Mon, 26 Mar 2001, Andre Berger wrote: root would have to update this file whenever needed. Users can change their ~/.fetchmailrc on their own. True. But I cannot add such setup as the default. It would activate dormant .fetchmailrc's in the user directories. I can always add it as yet one more example, but that's it :( -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpxKyKjoZHyj.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
On Tue, Mar 27, 2001 at 12:37:46AM +1000, Mark Devin wrote: OK, I tried it. It seems to still not want to run. Here is what I did: 1. Copied my users .fetchids and .fetchmailrc files to /etc/ppp/ and changed the group and owner for them to mail /etc/ppp is not readable by user mail, at least not on my potato box: drwxr-x---6 root dip 1024 Oct 15 21:34 /etc/ppp/ It doesn't seem to want to run when I do this. see above -- Ethan Benson http://www.alaska.net/~erbenson/ pgpnZUtI2Jo9m.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
Ethan Benson wrote: On Tue, Mar 27, 2001 at 12:37:46AM +1000, Mark Devin wrote: OK, I tried it. It seems to still not want to run. Here is what I did: 1. Copied my users .fetchids and .fetchmailrc files to /etc/ppp/ and changed the group and owner for them to mail /etc/ppp is not readable by user mail, at least not on my potato box: Yeah. That was the problem. Thanks. I fixed it with the following: Edit the /etc/ppp/ip-up.d/fetchmail-up script to look like: su - -c '/usr/bin/fetchmail -d 900 -t 90 --silent --syslog --fetchmailrc /etc/fetchmail --idfile /var/spool/mail/.fetchids' mail Edit the /etc/ppp/ip-down.d/fetchmail-down script to look like: su - -c '/usr/bin/fetchmail --quit' mail Then touch /var/spool/mail/.fetchids chown mail /var/spool/mail/.fetchids cp /root/.fetchmailrc /etc/fetchmail user mail does own the /var/spool/mail directory and I made the owner and group for /etc/fetchmail mail And most importantly, it works. Thanks to all who helped me learn something here. Regards. Mark.