From: Fernando Rodriguez <cyklonite@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] executing a command as a nologin user
Date: Thu, 14 Jul 2016 17:19:37 -0400
Message-ID: <ac11e446-603f-ec9d-23b3-f861871e988c@gmail.com>
In-Reply-To: <20160713194141.54a86f10@hal9000.localdomain>
On 07/13/2016 01:41 PM, wabe wrote:
> Fernando Rodriguez <cyklonite@gmail.com> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> On 07/13/2016 07:10 AM, Alan McKinnon wrote:
>>> On 12/07/2016 03:47, jens w wrote:
>>>> .procmailrc
>>>> :0 c
>>>> * !^X-Loop: name@example.com
>>>> | formail -X "From:" | $HOME/bin/script.sh
>>>>
>>>> procmail.log
>>>> procmail: Executing " formail -X "From:" | $HOME/bin/script.sh
>>>>
>>>> for incoming mail, a script is executed. logfile has the same
>>>> entry as it is in other users. but the script does nothing.
>>>>
>>>> How do I execute a command as a nologin user?
>>>>
>>>
>>>
>>> You can't, not the way you are doing it.
>>> You want to launch a shell script for the user, but the user's
>>> shell is /sbin/nologin. This exits immediately without launching
>>> the script.
>>>
>>> Give the user a real shell.
>>>
>>> Alan
>>>
>>
>> I've been following this thread and thinking the same thing but
>> wasn't sure.
>>
>> What if you invoke the shell directly instead of the script, either:
>> /bin/sh -c "<path to script>" or /bin/sh -c "$(cat <script>)"?
>>
>> If procmail uses the system() call to launch the script it won't work
>> but if it uses fork()/exec() or similar I think that it should work.
>
> I don't know how procmail is launching scripts so I don't know if
> what I say now makes sense. :-)
>
> I tested if another regular user (let's call him user1) can execute
> scripts that are owned by nologinuser. It works as long as the path
> and the script itself are readable and executable by user1.
> If the script is writing stuff into /home/nologinuser then it is
> also necessary that the home directory is writable by user1.
>
> Of course user1 hasn't executed the script as nologinuser. I don't
> know if procmail is doing so.
>
> --
> Regards
> wabe
>
Yes, you can execute any script as long as you have permissions. A program
can use the exec() family of functions to do that. But if the program calls
the system() function or similar, it will try to use the user's shell to execute
the command. If the shell is nologin, it will refuse to do so.
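The two launch paths discussed in this thread, as an added example that is not part of the original message and is not procmail's code. run_via_shell() models a launcher that hands the command line to the account's shell with -c, and run_direct() models the fork()/exec() path; the function names, the /sbin/nologin path and the use of "false" as a stand-in for a refusing shell are assumptions.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork, exec argv[0], and return the child's exit status
 * (127 if the exec itself fails, -1 on fork/wait errors). */
static int spawn(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed: nothing was run */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Launcher that goes through the account's shell: <shell> -c <command>.
 * If <shell> is nologin, the command string is never interpreted. */
int run_via_shell(const char *shell, const char *command)
{
    char *argv[] = { (char *)shell, "-c", (char *)command, NULL };
    return spawn(argv);
}

/* Direct exec: the account's shell field plays no part, only file
 * permissions on the program decide whether it runs. */
int run_direct(const char *program)
{
    char *argv[] = { (char *)program, NULL };
    return spawn(argv);
}

int main(void)
{
    /* Assumption: nologin is at /sbin/nologin; otherwise use "false",
     * which also exits non-zero without running the command. */
    const char *refusing =
        access("/sbin/nologin", X_OK) == 0 ? "/sbin/nologin" : "false";
    int via_sh = run_via_shell("sh", "exit 0");
    int via_refusing = run_via_shell(refusing, "exit 0");
    int direct = run_direct("true");
    printf("sh -c: %d\n%s -c: %d\ndirect exec: %d\n",
           via_sh, refusing, via_refusing, direct);
    return 0;
}
```

A non-zero status from the refusing shell alongside a zero status from the direct exec matches the symptom in the original report: the launcher logs that it executed the command, but the script body never runs.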