procmail

Re: starting sendmail without user login shell [was: no vacation sent]

2006-12-29 00:58:23
At 19:18 2006-12-28 +0000, Ryan Steele wrote:
Dallman Ross <dman <at> nomotek.com> writes:


On Wed, Dec 13, 2006 at 04:44:41PM +0100, Markus Krause wrote:
> after intensive debugging i found the reason for the problem described
> below: to prevent users from logging in directly to our mail server
> all shells for the users are set to /bin/false. but obviously sendmail
> needs a real shell.

Not applicable to your problem here, but in my experience, a better shell 
is a simple stub program which outputs a "shell access to this account is 
not permitted." message.  Crank out a simple program, add it to the 
/etc/shells list, and specify that as the user shell when setting up their 
account (I have one for FTP-only accounts for instance).  This basically 
reminds the clueless user why they can't log in.

> Does anyone know why it explicitly needs a shell to invoke
> sendmail?  Can't that be done through a system call?

I was under the impression that anything which didn't have shell metas in 
it didn't involve using the shell anyway.  However, I haven't done much 
spelunking in the procmail source lately.

Worth noting is that execv is one of the functions used for starting other 
processes.  See 'man execv'.  Note the FILES section, then read the 
DESCRIPTION section, where you should see how, if the header of a file isn't 
recognized, the SHELL is invoked.

Are you, by any chance, running on a system which doesn't actually have a 
REAL sendmail binary, but instead has a shell script set up to invoke some 
alternate MSA/MTA with appropriate argument translation?  If so, I could 
easily see that requiring invocation of a shell, because you're not loading 
an elf binary or whatnot.

---
  Sean B. Straw / Professional Software Engineering

  Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
  Please DO NOT carbon me on list replies.  I'll get my copy from the list.
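
The fallback described in the exec man page, as an added example that is not part of the original post: execv() on an executable file with no "#!" header fails with ENOEXEC, while execvp() retries the file through /bin/sh. It assumes Linux with glibc and an exec-capable /tmp; the script contents and function names are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample: an executable text file with no "#!" header line. */
static int make_headerless_script(char *path_template)
{
    static const char body[] = "exit 7\n";
    int fd = mkstemp(path_template);
    if (fd < 0) return -1;
    if (write(fd, body, sizeof body - 1) != (ssize_t)(sizeof body - 1) ||
        fchmod(fd, 0700) != 0) { close(fd); return -1; }
    return close(fd);
}

/* Exec path in a child: execv() if use_execvp is 0, else execvp().
 * Returns the child's exit status, or 100 + errno if the exec call failed. */
static int run_child(const char *path, int use_execvp)
{
    char *const argv[] = { (char *)path, NULL };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (use_execvp) execvp(path, argv); else execv(path, argv);
        _exit(100 + errno);   /* reached only when the exec call returned */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* 1 if execv() fails with ENOEXEC but execvp() runs the file via /bin/sh. */
int demo_shell_fallback(void)
{
    char path[] = "/tmp/noheaderXXXXXX";
    if (make_headerless_script(path) != 0) return -1;
    int direct = run_child(path, 0);     /* expected: 100 + ENOEXEC */
    int fallback = run_child(path, 1);   /* expected: 7, the script's exit code */
    unlink(path);
    printf("execv: %d  execvp: %d\n", direct, fallback);
    return direct == 100 + ENOEXEC && fallback == 7;
}

int main(void) { return demo_shell_fallback() == 1 ? 0 : 1; }
```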

