Chuq Von Rospach <chuqui(_at_)plaidworks(_dot_)com> writes:
can't find an answer to this in the docs, so maybe it's not possible, but...
I want to be able to set up some filters called from the aliases file, as in:
fred: "|/ /usr/local/bin/procmail /users/mailbot/procmail.fred"
primarily to save me the hassle of setting up a "user" for every style
of procmail filter I want to create. Unfortunately, this doens't seem
to work cleanly when it comes to things like logging because sendmail
is being paranoid (correctly) about ownership and permissions.
Is there a way to convince procmail to execute out of aliases as a user
(in this case, user mailbot?) cleanly? Is there something I missed?
Yep. From the procmail(1) manpage:
-m Turns procmail into a general purpose mail filter. In
this mode one rcfile must be specified on the command
line. After the rcfile, procmail will accept an unlim-
ited number of arguments. If the rcfile is an absolute
path starting with /etc/procmailrcs/ without backward
references (i.e. the parent directory cannot be men-
tioned) procmail will, only if no security violations
are found, take on the identity of the owner of the
rcfile (or symbolic link). For some advanced usage of
this option you should look in the EXAMPLES section
Procmail can only "take on the identity" if it was installed setuid
root, so check that first.
Assuming that's was done, move the procmailrc from
/users/mailbot/procmail.fred to /etc/procmailrcs/fred (or whatever),
chown it (/etc/procmailrcs/fred) to be owned by user mailbot, then
change the alias to read:
fred: "|/usr/local/bin/procmail -m /etc/procmailrcs/fred"
Checking the source, it appears that procmail *will* follow symlinks
from /etc/procmailrcs/whatever, so you should be able to just use a
symlink if you would prefer to leave the 'real' copy in ~mailbot,
however, since procmail uses the file owner from the lstat() system
call, the symbolic link will need to be owned by the desired user.
Changing the owner of symlinks usually requires a special flag to chown
(-h on most systems I think), so this could be considered treacherous
enough that you may want to avoid it.