Re: [Exim] Running Commands

Author: Greg Ward
Date:  
To: Joseph Kezar
CC: exim-users
Subject: Re: [Exim] Running Commands
On 11 October 2001, Joseph Kezar said:
> I am struggling with this one!
> What I need:
> 1) When an email is sent to generate_reply@???
> 2) It needs to run a command (ie /usr/local/bin/generate_reply)
> 3) This command takes the email message and parses it for vital info
> 4) this command needs to be run as root.(so it can chown $user) this
> newly created files
>
> Is there a way I can set something simple up in /etc/aliases such as:
>   generate_reply:    |/usr/local/bin/generate_reply


Yes, that's exactly what you do. If your messages aren't getting to the
script, try making it a simple shell script that does this:

    cat > /tmp/msg$$

That will show you the ownership of files created by the pipe process,
the exact content of what Exim feeds down the pipe, etc.

This business about running as root sounds dodgy. Do you need to chown
to *one particular* user or to *some random* user (e.g. depending on the
content of the message)? If the former, I would write a special
director and transport to handle this address -- i.e. don't make it an
alias at all. That way you can set the exact user/group required. (If
this is the only pipe alias you need, you can just set the user/group on
your system_alias transport.)

If you need to chown to some random user, that's tricky. I *think* I
would write a *very very simple* setuid program (C or Perl, pick your
poison) that does this for you. It should make sure that the running
user/group is the mail alias user/group, that the file being chown'd is
in the right place and with the expected name, and that the user the
file is being chown'd to is from the right set. Then call this setuid
program from your generate_reply script. If you're not comfortable with
the grave security implications of writing setuid programs, find someone
who is. (Or "man perlsec" until you are.)

        Greg
-- 
Greg Ward - software developer                gward@???
MEMS Exchange                            http://www.mems-exchange.org
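
The checks listed in the reply above (caller is the mail alias user/group, file is in the right place with the expected name, target user is from a fixed set), sketched as a small setuid-root helper. This is an added example, not code from the original message or from Exim. The spool directory, the "reply-<digits>" naming, the uid/gid values and the allow-list are assumptions, and the no-symlink, regular-file, single-link and still-owned-by-mail checks are extra hardening beyond what the message lists.

```c
/* Added example: minimal setuid-root chown helper. All names, ids and paths are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <pwd.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define SPOOL_DIR "/var/spool/generate_reply"  /* hypothetical: where the script writes */
#define MAIL_UID  8                            /* hypothetical: uid the alias pipe runs as */
#define MAIL_GID  8                            /* hypothetical: gid the alias pipe runs as */
static const char *const ALLOWED[] = { "alice", "bob", NULL };  /* constructed allow-list */

/* Expected name: "reply-" plus 1..10 digits and nothing else (so no '/' or ".."). */
int name_ok(const char *n) {
    size_t len;
    if (strncmp(n, "reply-", 6) != 0) return 0;
    n += 6;
    len = strlen(n);
    return len >= 1 && len <= 10 && strspn(n, "0123456789") == len;
}

/* Target user must appear in the fixed allow-list. */
int user_ok(const char *u) {
    for (int i = 0; ALLOWED[i]; i++)
        if (strcmp(u, ALLOWED[i]) == 0) return 1;
    return 0;
}

/* Real (not effective) ids must be the mail alias user/group. */
int caller_ok(uid_t ruid, gid_t rgid) { return ruid == MAIL_UID && rgid == MAIL_GID; }

int main(int argc, char **argv) {
    struct passwd *pw;
    struct stat st;
    int dfd, fd;
    if (argc != 3 || !caller_ok(getuid(), getgid()) ||
        !name_ok(argv[1]) || !user_ok(argv[2]) || !(pw = getpwnam(argv[2])))
        return 1;
    /* Open the directory, then the file relative to it, refusing symlinks at both steps. */
    if ((dfd = open(SPOOL_DIR, O_RDONLY | O_DIRECTORY | O_NOFOLLOW)) < 0) return 1;
    if ((fd = openat(dfd, argv[1], O_RDONLY | O_NOFOLLOW | O_NONBLOCK)) < 0) return 1;
    /* Only a regular, singly-linked file still owned by the mail user; chown by fd, not path. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != MAIL_UID)
        return 1;
    return fchown(fd, pw->pw_uid, pw->pw_gid) == 0 ? 0 : 1;
}
```

Using fchown() on the already-checked descriptor avoids a race between the checks and the ownership change that a path-based chown() would leave open.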