Okay, I did what you said and simplified my script.
It generated a /tmp/msg823 file! So far so good.
The newly created file has UID=mail and GID=mail.
What I am trying to accomplish:
- A means for one of our users to log into a CGI webpage and set there vacation message and turn their
.forward files vaction method on.
- CGIs are run as either "nobody" or "httpd" so I can't write a CGI to handle this functionality.
- So in my CGIs I am generating an email message with all the users input about what they want their
.vacation.msg to say
- Then in the CGI I email autoreply@??? and here is where Exim jumps into action!.
- Exim picks it up and sees that "autoreply" is in /etc/aliases
- Exim then needs to run a script
- The script needs to create a file chowned as $user(the user that sent the email)
So what you where saying about setting up a director and setting the "user" attribute would work.
Note: The script is /usr/local/bin/generate_reply is 0110 so all /etc/passwd can execute it
Perhaps you could give me some pointers on writting this director and transport?
Thank You,
Joseph Kezar
Greg Ward wrote:
> On 11 October 2001, Joseph Kezar said:
> > I am struggling with this one!
> > What I need:
> > 1) When an email is sent to generate_reply@???
> > 2) It needs to run a command (ie /usr/local/bin/generate_reply)
> > 3) This command takes the email message and parses it for vital info
> > 4) this command needs to be run as root.(so it can chown $user) this
> > newly created files
> >
> > Is there a way I can set something simple up in /etc/aliases such as:
> > generate_reply: |/usr/local/bin/generate_reply
>
> Yes, that's exactly what you do. If your messages aren't getting to the
> script, try making it a simple shell script that does this:
> cat > /tmp/msg$$
>
> That will show you the ownership of files created by the pipe process,
> the exact content of what Exim feeds down the pipe, etc.
>
> This business about running as root sounds dodgy. Do you need to chown
> to *one particular* user or to *some random* user (eg. depending on the
> content of the message). If the former, I would write a special
> director and transport to handle this address -- i.e. don't make it an
> alias at all. That way you can set the exact user/group required. (If
> this is the only pipe alias you need, you can just set the user/group on
> your system_alias transport.)
>
> If you need to chown to some random user, that's tricky. I *think* I
> would write a *very very simple* setuid program (C or Perl, pick your
> poison) that does this for you. It should make sure that the running
> user/group is the mail alias user/group, that the file being chown'd is
> in the right place and with the expected name, and that the user the
> file is being chown'd to is from the right set. Then call this setuid
> program from your generate_reply script. If you're not comfortable with
> the grave security implications of writing setuid programs, find someone
> who is. (Or "man perlsec" until you are.)
>
> Greg
> --
> Greg Ward - software developer gward@???
> MEMS Exchange http://www.mems-exchange.org
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
--
Joseph Kezar