[Exim] Pipe to script permission problem

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Steve Werby
Dátum:  
Címzett: exim-users
Tárgy: [Exim] Pipe to script permission problem
I have limited experience with exim and the server I am working on has
a script which is called from a pipe, but apparently is being executed
as a user with insufficient permissions. I've spent an hour reading
the archives, searching the web and pouring over email output, exim
logs, exim config files and testing various changes with no success.

The script is called as follows:

alias@???: "|/cgi/script1.pl",alias@???

script1.pl does some tasks, then executes /cgi/script2.pl. Both
scripts are written in Perl and I'm not the author of either.
script2.pl executes Mailman's add_members script. If script1.pl is
called from an SSH shell while logged in as root it works fine. I
have not tried while logged in as any other users.

If called via the email pipe, the script fails. script1.pl and
script2.pl are both chmod 755, user: mailman, group: mailman (user and
group Mailman runs as), but I have also tried user: root, group: root
and it fails too. When it fails, the sender receives a mail delivery
failed email with a Mailman traceback. Here are some relevant lines.

  File "/usr/local/cpanel/3rdparty/mailman/Mailman/LockFile.py", line
422, in __write
    fp = open(self.__tmpfname, 'w')
IOError: [Errno 13] Permission denied:
'/usr/local/cpanel/3rdparty/mailman/locks/<listname>.lock.<hostname>.3
1027.0'


/var/log/exim_mainlog contains the following line:

2004-01-17 12:02:28 1AhumB-0007VA-Pk ** |/cgi/magic_subscribe.pl
(alias@???) <alias@???> R=virtual_aliases_nostar
T=virtual_address_pipe: return message generated

I assume virtual_aliases_nostar is the exim config file section that
is relevant.

/etc/exim.conf contains:

virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = ${if
exists{/etc/valiases/$domain}{${lookup{$local_part@$domain}lsearch{/et
c/valiases/$domain}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
domains = lsearch;/etc/localdomains
unseen

There is a file /etc/exim.conf.mailman2.dist which contains an
identical section. I tried adding the following to /etc/exim.conf
(and maybe /etc/exim.conf.mailman2.dist , but I don't recall), but it
didn't solve the problem:

group = mailman
user = mailman

Both conf files also contained the following line, which I tried
commenting out, but received the same errors.

never_users = root

I'll be glad to provide more details if I'm told what to provide. I
read about a debugging mode to find out what UID/GID the script is
being run as from exim, but the steps I read failed. Can someone tell
me how to do that? Any advice on what I need to do to get the pipe
working?

cat /etc/redhat-release
Red Hat Linux release 9 (Shrike)

uname -a
Linux <host.tld> 2.4.20-28.9 #1 Thu Dec 18 13:45:22 EST 2003 i686 i686
i386 GNU/Linux

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/