procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Procmail from the aliases file?

1997-01-06 00:12:55
from [Philip Guenther] [Permanent Link] 
Chuq Von Rospach <chuqui(_at_)plaidworks(_dot_)com> writes:

can't find an answer to this in the docs, so maybe it's not possible, but...

I want to be able to set up some filters called from the aliases file, as in:

fred: "|/ /usr/local/bin/procmail /users/mailbot/procmail.fred"

primarily to save me the hassle of setting up a "user" for every style
of procmail filter I want to create. Unfortunately, this doens't seem
to work cleanly when it comes to things like logging because sendmail
is being paranoid (correctly) about ownership and permissions.

Is there a way to convince procmail to execute out of aliases as a user
(in this case, user mailbot?) cleanly? Is there something I missed?


Yep.  From the procmail(1) manpage:

     -m    Turns procmail into a general purpose mail filter.  In
          this  mode  one rcfile must be specified on the command
          line.  After the rcfile, procmail will accept an unlim-
          ited number of arguments.  If the rcfile is an absolute
          path starting with /etc/procmailrcs/  without  backward
          references  (i.e.  the  parent directory cannot be men-
          tioned) procmail will, only if no  security  violations
          are  found,  take  on  the identity of the owner of the
          rcfile (or symbolic link).  For some advanced usage  of
          this  option  you  should  look in the EXAMPLES section
          below.

Procmail can only "take on the identity" if it was installed setuid
root, so check that first.

Assuming that's was done, move the procmailrc from
/users/mailbot/procmail.fred to /etc/procmailrcs/fred (or whatever),
chown it (/etc/procmailrcs/fred) to be owned by user mailbot, then
change the alias to read:

fred: "|/usr/local/bin/procmail -m /etc/procmailrcs/fred"

Checking the source, it appears that procmail *will* follow symlinks
from /etc/procmailrcs/whatever, so you should be able to just use a
symlink if you would prefer to leave the 'real' copy in ~mailbot,
however, since procmail uses the file owner from the lstat() system
call, the symbolic link will need to be owned by the desired user.
Changing the owner of symlinks usually requires a special flag to chown
(-h on most systems I think), so this could be considered treacherous
enough that you may want to avoid it.

Philip Guenther
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Zspam] Re: off-topic: water, water everywhere, Doug Muth
Next by Date:  handling Quoted-Printable (was: MS-->Unix incompat pointer request), Tony Nugent
Previous by Thread:  Procmail from the aliases file?, Chuq Von Rospach
Next by Thread:  Re: Procmail from the aliases file?, David W. Tamkin
Indexes:  [Date] [Thread] [Top] [All Lists]