Re: [EXIM] queryprogram shell script?

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: djc
CC: exim-users
Subject: Re: [EXIM] queryprogram shell script?
On Fri, 13 Mar 1998, Dave C. wrote:

> I specifically set never_users to "halt" so that root would not be a
> never user.


never_users applies only to the running of local transports. It does not
apply to running routers.

> my_router:
> driver = queryprogram
> self = send
> domains = process.my.domain
> command = "/path/to/program $local_part"
> transport = my_transport
>
> /path/to/program:
>
> #!/bin/sh
> echo "OK + + + +"
> exit 0
>
> I keep getting:
>
> bad command yield: shell-init: could not get current directory: getwd:
> cannot access parent directories\nOK + + + +
>
> from this router doing a -v queue run ???
>
> A. Why can't bash access its current directory or parent directories?
> Even if it is running as nobody, it should be in a directory that is at
> least mode 755, readable to all UIDS including "nobody".


I can't answer the question, I'm afraid.

It will be running as "nobody". See the specification of the
queryprogram router, where it says:

The command is run as 'nobody'. If the main configuration has not defined a
user and group for 'nobody', then it is looked up using getpwnam(). If this
fails, the router fails and the message is frozen.

In tests, I have no problem running a small shell script like yours, but
using the Bourne shell. Using bash does indeed give the error you
describe. I wonder what is going on? I have noted this as something to
investigate.

> I'm suspecting that exim is refusing to run my queryprogram as root
> even though I beleive I've set all the options to tell it to do so.


Sorry, there are no options to tell it to do so. Maybe there should
be. Point noted. However, you could always get your script to run a
setuid program.

> I WANT TO RUN MY SCRIPTS WITH ROOT ACCESS. NONE OF MY ROUTERS,
> DIRECTORS, OR TRANPORTS use any user or address-supplied data in a
> manner which would be insecure.


Sorry you felt the need to shout....


-- 
Philip Hazel                   University Computing Service,
ph10@???             New Museums Site, Cambridge CB2 3QG,
P.Hazel@???          England.  Phone: +44 1223 334714



--
*** Exim information can be found at http://www.exim.org/ ***