Re: [Exim] Pipe to script permission problem

Author: Alberto Tablado
Date:  
To: exim-users
Subject: Re: [Exim] Pipe to script permission problem
Have you tried to SETUID the perl script?

On Sat, 17-01-2004 at 21:14, Steve Werby wrote:
> I have limited experience with exim and the server I am working on has
> a script which is called from a pipe, but apparently is being executed
> as a user with insufficient permissions. I've spent an hour reading
> the archives, searching the web and poring over email output, exim
> logs, exim config files and testing various changes with no success.
>
> The script is called as follows:
>
> alias@???: "|/cgi/script1.pl",alias@???
>
> script1.pl does some tasks, then executes /cgi/script2.pl. Both
> scripts are written in Perl and I'm not the author of either.
> script2.pl executes Mailman's add_members script. If script1.pl is
> called from an SSH shell while logged in as root it works fine. I
> have not tried while logged in as any other users.
>
> If called via the email pipe, the script fails. script1.pl and
> script2.pl are both chmod 755, user: mailman, group: mailman (user and
> group Mailman runs as), but I have also tried user: root, group: root
> and it fails too. When it fails, the sender receives a mail delivery
> failed email with a Mailman traceback. Here are some relevant lines.
>
>   File "/usr/local/cpanel/3rdparty/mailman/Mailman/LockFile.py", line 422, in __write
>     fp = open(self.__tmpfname, 'w')
> IOError: [Errno 13] Permission denied: '/usr/local/cpanel/3rdparty/mailman/locks/<listname>.lock.<hostname>.31027.0'
>
> /var/log/exim_mainlog contains the following line:
>
> 2004-01-17 12:02:28 1AhumB-0007VA-Pk ** |/cgi/magic_subscribe.pl (alias@???) <alias@???> R=virtual_aliases_nostar T=virtual_address_pipe: return message generated
>
> I assume virtual_aliases_nostar is the exim config file section that
> is relevant.
>
> /etc/exim.conf contains:
>
> virtual_aliases_nostar:
> driver = redirect
> allow_defer
> allow_fail
> data = ${if exists{/etc/valiases/$domain}{${lookup{$local_part@$domain}lsearch{/etc/valiases/$domain}}}}
> file_transport = address_file
> group = mail
> pipe_transport = virtual_address_pipe
> retry_use_local_part
> domains = lsearch;/etc/localdomains
> unseen
>
> There is a file /etc/exim.conf.mailman2.dist which contains an
> identical section. I tried adding the following to /etc/exim.conf
> (and maybe /etc/exim.conf.mailman2.dist , but I don't recall), but it
> didn't solve the problem:
>
> group = mailman
> user = mailman
>
> Both conf files also contained the following line, which I tried
> commenting out, but received the same errors.
>
> never_users = root
>
> I'll be glad to provide more details if I'm told what to provide. I
> read about a debugging mode to find out what UID/GID the script is
> being run as from exim, but the steps I read failed. Can someone tell
> me how to do that? Any advice on what I need to do to get the pipe
> working?
>
> cat /etc/redhat-release
> Red Hat Linux release 9 (Shrike)
>
> uname -a
> Linux <host.tld> 2.4.20-28.9 #1 Thu Dec 18 13:45:22 EST 2003 i686 i686 i386 GNU/Linux
>
> --
> Steve Werby
> President, Befriend Internet Services LLC
> http://www.befriend.com/
>
>
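
The quoted message asks how to find out which UID/GID the piped script runs as. The following is an added example, not part of the original thread: a small shell diagnostic that records the effective identity and attempts the same file creation in the Mailman lock directory that failed in the traceback. The log path `/tmp/pipe-identity.log` and the `log` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added diagnostic, not from the thread: shows which identity a piped command
# runs under and whether that identity can create files in a lock directory.

# Directory taken from the traceback in the quoted message.
LOCK_DIR=/usr/local/cpanel/3rdparty/mailman/locks
# Assumed log location; any path writable by every candidate user will do.
LOG=/tmp/pipe-identity.log

# Print effective uid/gid and supplementary groups of the current process.
pipe_identity() {
    printf 'euid=%s(%s) egid=%s groups=%s\n' \
        "$(id -u)" "$(id -un 2>/dev/null || echo '?')" \
        "$(id -g)" "$(id -G | tr ' ' ',')"
}

# lock_dir_verdict DIR
# Prints "ok", "missing", or "denied ..." with the directory's owner and mode.
# Creating a probe file is the same operation that failed in LockFile.py.
lock_dir_verdict() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing"
        return 0
    fi
    probe="$dir/.pipe-probe.$$"
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        echo "ok"
    else
        # GNU stat, as shipped on the Red Hat system in the post.
        echo "denied $(stat -c 'owner=%U(%u) group=%G(%g) mode=%a' "$dir")"
    fi
}

# With the argument "log", append one record to $LOG. Intended to be run as
# a temporary pipe target in place of the real script while debugging.
if [ "${1:-}" = "log" ]; then
    cat > /dev/null    # drain the message Exim writes to stdin
    {
        date '+%Y-%m-%d %H:%M:%S'
        pipe_identity
        echo "$LOCK_DIR: $(lock_dir_verdict "$LOCK_DIR")"
    } >> "$LOG"
fi
```

Comparing the logged `euid`, `egid` and `groups` with the owner, group and mode reported for the lock directory shows whether the delivery process has write access there, without changing permissions on either script.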