On 10/14/2013 02:31 PM, Gregory P. Ennis wrote:
> Everyone,
>
> I am working on a Centos 5.9 system. I have a need to be able to
> activate a piece of software from /etc/smrsh that is activated when
> sendmail delivers the e-mail to this piece of software. I would like
> this piece of software to take on the user and group identities that are
> different than 'mail' which is what happens now. I want to use a user
> and group (that is not root), so that the piece of software will be able
> to write (concatenate) to a file.
>
> I have never used setuid, but it appears that this will only allow a
> piece of software to be set to root. I really do not want to give that
> kind of privilege to this piece of software.
>
> Any ideas?

I've done lots of operations from /etc/smrsh under sendmail. I can't say I've ever used setuid for this type of work; it may well suffice.

Now in my case with sendmail, the scripts run as the user receiving the email locally, so I don't need to do any of the below. I simply define the account that I want to run the script as the recipient of the message and it's all done.

I'd suggest running sudo and making an entry in /etc/sudoers. You want to be paranoid around any publicly visible service like email, but an entry like this might work in /etc/sudoers:

    mail ALL=(user2) NOPASSWD: /usr/local/script.to.run.sh
    Defaults:mail !requiretty

Again, I'm not sure why you are seeing this run as the "mail" user unless that is the name of the local account; sendmail runs these kinds of scripts as the user receiving the messages. In which case, if my user was "taxinfo" it would look like:

    taxinfo ALL=(user2) NOPASSWD: /usr/local/script.to.run.sh
    Defaults:taxinfo !requiretty

Note that the last line (Defaults...) is probably needed because there's not an actual terminal involved when processing a background script. Try without and see if it works.

Then, in /etc/smrsh/received.sh you have:

    #!/bin/sh
    # -u names the run-as user granted in the sudoers entry above (user2)
    /usr/bin/sudo -u user2 /usr/local/script.to.run.sh

And in your .forward file (don't forget to chmod 600 this file):

    | /etc/smrsh/received.sh

Good luck!

-----------------------------------------------------------------------

Ben,

I was using an e-mail alias that did not have a user account, which becomes the 'mail' account when any data is stored or accessed by a piece of software that is activated in /etc/smrsh.

However, I really like your suggestion. I should have thought about creating a user account and then aliasing the e-mail to that account.

I will not have the opportunity to play with this idea until the weekend; thank you very much!!!!

Greg

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
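An added example, not part of the original thread: a shell check of the file permissions that the .forward, smrsh wrapper and sudo chain suggested above depends on. The function names and the numeric-UID argument are assumptions of this example; the paths are whatever you pass in.

```shell
#!/bin/sh
# Added example: permission audit for the .forward -> smrsh wrapper -> sudo chain.
# All paths and the invoking UID are arguments; nothing is read from a real system.

# First ten characters of `ls -ld`, e.g. "-rw-------"
perm_string() { ls -ld "$1" | cut -c1-10; }

# Numeric owner UID of a file
owner_uid() { ls -ldn "$1" | awk '{print $3}'; }

# Succeeds when neither the group nor the world write bit is set
not_others_writable() {
    p=$(perm_string "$1")
    [ "$(printf '%s' "$p" | cut -c6)" = "-" ] &&
    [ "$(printf '%s' "$p" | cut -c9)" = "-" ]
}

# audit_delivery FORWARD WRAPPER SCRIPT INVOKER_UID
# Prints one line per finding and returns the number of findings.
audit_delivery() {
    forward=$1 wrapper=$2 script=$3 invoker_uid=$4 findings=0
    if [ "$(perm_string "$forward")" != "-rw-------" ]; then
        echo "FINDING: $forward is not mode 600"
        findings=$((findings + 1))
    fi
    # The wrapper, the sudo target and the target's directory must not be
    # replaceable by other local accounts.
    for f in "$wrapper" "$script" "$(dirname "$script")"; do
        if ! not_others_writable "$f"; then
            echo "FINDING: $f is group- or world-writable"
            findings=$((findings + 1))
        fi
    done
    # If the account that invokes sudo owns the script, it can rewrite it,
    # and the NOPASSWD rule then runs whatever it wrote as the target user.
    if [ "$(owner_uid "$script")" = "$invoker_uid" ]; then
        echo "FINDING: $script is owned by the invoking account"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

For the layout in the thread this would be called as `audit_delivery ~taxinfo/.forward /etc/smrsh/received.sh /usr/local/script.to.run.sh "$(id -u taxinfo)"`; a return status of 0 means no findings.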