Setuid Or Other Ideas


I’ve done lots of operations from /etc/smrsh under sendmail. I can’t say I’ve ever used setuid for this type of work; it may well suffice. Now in my case with sendmail, the scripts run as the user receiving the email locally, so I don’t need to do any of the below. I simply define the account that I want to run the script as the recipient of the message and it’s all done.

I’d suggest running sudo and making an entry in /etc/sudoers. You want to be paranoid around any publicly visible service like email, but an entry like this might work in /etc/sudoers:

mail ALL=(user2) NOPASSWD: /usr/local/
Defaults:mail !requiretty

Again, I’m not sure why you are seeing this run as the “mail” user unless that is the name of the local account; sendmail runs these kinds of scripts as the user receiving the messages. In which case, if my user was “taxinfo” it would look like:

taxinfo ALL=(user2) NOPASSWD: /usr/local/
Defaults:taxinfo !requiretty

Note that the last line (Defaults…) is probably needed because there’s not an actual terminal involved when processing a background script. Try without and see if it works. Then, in /etc/smrsh/ you have

#! /bin/sh
# Run as user2, the run-as user that the sudoers entry above permits for taxinfo
/usr/bin/sudo -u user2 /usr/local/;

And in your .forward file: (don’t forget to chmod 600 this file)
| /etc/smrsh/

Good luck!

One thought on - Setuid Or Other Ideas

  • IIRC suid sets the effective user to the owner of the file. If ceres runs a setuid program owned by series, the effective user will become series. There is also a system call to make effective owner the actual owner. suid root programs often use it after they have glommed onto all the necessary resources only available to root.
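
The acquire-then-drop pattern mentioned in the comment above, as an added C example that is not part of the original post or comment. It assumes a set-user-ID-root binary; the function names and the /dev/null stand-in path are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently give up set-user-ID / set-group-ID privilege.
 * Returns 0 on success, -1 if the drop failed or can be undone;
 * on -1 the caller must exit rather than carry on.
 */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the uid drop we may not be allowed to change it. */
    if (setgid(rgid) != 0) return -1;
    /* With effective uid 0, setuid() resets real, effective and saved uid. */
    if (setuid(ruid) != 0) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;

    /* A saved id left behind (set-user-ID to a non-root owner) would let
       the process switch back, so prove that regaining now fails. */
    if (ruid != 0) {
        if (old_egid != rgid && setgid(old_egid) == 0) return -1;
        if (old_euid != ruid && setuid(old_euid) == 0) return -1;
    }
    return 0;
}

/* Open the resource while still privileged, then drop. Returns fd or -1. */
int open_then_drop(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (drop_privileges() != 0) {   /* never continue half-privileged */
        if (fd >= 0) close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* /dev/null is a constructed stand-in for a root-only resource. */
    int fd = open_then_drop("/dev/null");
    printf("fd=%d ruid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    return fd >= 0 ? 0 : 1;
}
```

The descriptor opened before the drop stays usable afterwards, which is why the privileged open comes first and everything that handles untrusted input comes after.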