On Mon, 16 Mar 1998, Philip Hazel wrote:
> Date: Mon, 16 Mar 1998 10:15:52 +0000 (GMT)
> From: Philip Hazel <ph10@???>
> To: djc@???
> Cc: exim-users@???
> Subject: Re: [EXIM] queryprogram shell script?
>
> On Fri, 13 Mar 1998, Dave C. wrote:
>
> > I specifically set never_users to "halt" so that root would not be a
> > never user.
>
> never_users applies only to the running of local transports. It does not
> apply to running routers.
>
> > my_router:
> > driver = queryprogram
> > self = send
> > domains = process.my.domain
> > command = "/path/to/program $local_part"
> > transport = my_transport
> >
> > /path/to/program:
> >
> > #!/bin/sh
> > echo "OK + + + +"
> > exit 0
> >
> > I keep getting:
> >
> > bad command yield: shell-init: could not get current directory: getwd:
> > cannot access parent directories\nOK + + + +
> >
> > from this router doing a -v queue run ???
> >
> > A. Why can't bash access its current directory or parent directories?
> > Even if it is running as nobody, it should be in a directory that is at
> > least mode 755, readable to all UIDS including "nobody".
>
> I can't answer the question, I'm afraid.
I guess it's some weird bug in bash.. sigh.. Bash is also the only
Bourne-shell equivalent available, and it's what I write all my scripts
in.
> It will be running as "nobody". See the specification of the
> queryprogram router, where it says:
>
> The command is run as 'nobody'. If the main configuration has not defined a
> user and group for 'nobody', then it is looked up using getpwnam(). If this
> fails, the router fails and the message is frozen.
I wonder if I define "nobody" as UID 0 that would help...
> In tests, I have no problem running a small shell script like yours, but
> using the Bourne shell. Using bash does indeed give the error you
> describe. I wonder what is going on? I have noted this as something to
> investigate.
>
> > I'm suspecting that exim is refusing to run my queryprogram as root
> > even though I believe I've set all the options to tell it to do so.
>
> Sorry, there are no options to tell it to do so. Maybe there should
> be. Point noted. However, you could always get your script to run a
> setuid program.
Yes, but my code is written in shell, not anything that can be setuid..
> > I WANT TO RUN MY SCRIPTS WITH ROOT ACCESS. NONE OF MY ROUTERS,
> > DIRECTORS, OR TRANSPORTS use any user or address-supplied data in a
> > manner which would be insecure.
>
> Sorry you felt the need to shout....
Sigh.. This is part of a project that has already been delayed several
times, and it's starting to frustrate me. I will note it's my first
frustration with exim however.. Maybe I can work around it somehow..
>
> --
> Philip Hazel University Computing Service,
> ph10@??? New Museums Site, Cambridge CB2 3QG,
> P.Hazel@??? England. Phone: +44 1223 334714
>
>
--
*** Exim information can be found at
http://www.exim.org/ ***
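
Added example, not part of the original messages and not Exim code: a shell check for the condition named in bash's "getwd: cannot access parent directories" text. It assumes the queryprogram command inherits a working directory whose ancestors are not all readable and searchable by 'nobody', and that 'nobody' falls under the "other" permission bits; the function name `first_blocked_dir` is hypothetical.

```shell
#!/bin/sh
# Walk from a start directory up to / and report the first directory that
# would stop an unprivileged user from resolving its current directory the
# way the classic getwd() does: it needs search (x) on the directory it is
# in, and read + search (r, x) on every ancestor, because it reads each
# parent to find the name of the child it came from.
# Assumption: the user is neither owner nor group member of these
# directories, so only the "other" permission bits are examined.

# first_blocked_dir DIR
#   prints the first blocking directory and returns 0;
#   returns 1 (no output) if the whole chain is open; 2 if DIR is unusable.
first_blocked_dir() {
    dir=$(cd -- "$1" && pwd -P) || return 2
    need='??[xt]'               # start directory: search only (t = sticky + x)
    while :; do
        # characters 8-10 of the ls mode string are the "other" bits
        bits=$(ls -ld "$dir" | cut -c8-10)
        case $bits in
            $need) ;;           # this level is fine, keep climbing
            *) printf '%s\n' "$dir"; return 0 ;;
        esac
        [ "$dir" = / ] && return 1
        dir=$(dirname "$dir")
        need='r?[xt]'           # every ancestor: read and search
    done
}

# Stand-alone use: sh thisfile /path/to/dir
# (pass the directory the router's command is started from)
if [ "$#" -ge 1 ]; then
    blocked=$(first_blocked_dir "$1")
    case $? in
        0) echo "blocks an unprivileged getwd(): $blocked" ;;
        1) echo "chain from $1 up to / is open to others" ;;
        *) echo "cannot enter $1" >&2 ;;
    esac
fi
```

If a directory is reported, having the program start from a directory that passes the check, or opening up the reported one, removes that cause of the stray shell-init line from the command's output.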