Alan McKinnon <[email protected]> wrote:

> On 13/07/2016 18:42, wabe wrote:
> > Fernando Rodriguez <[email protected]> wrote:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA256
> >>
> >> On 07/13/2016 07:10 AM, Alan McKinnon wrote:
> >>> On 12/07/2016 03:47, jens w wrote:
> >>>> .procmailrc
> >>>> :0 c
> >>>> * !^X-Loop: [email protected]
> >>>> | formail -X "From:" | $HOME/bin/script.sh
> >>>>
> >>>> procmail.log
> >>>> procmail: Executing " formail -X "From:" | $HOME/bin/script.sh
> >>>>
> >>>> for incoming mail, a script is executed. logfile has the same
> >>>> entry as it is in other users. but the script does nothing.
> >>>>
> >>>> How do I execute a command as a nologin user?
> >>>>
> >>>
> >>>
> >>> You can't, not the way you are doing it.
> >>> You want to launch a shell script for the user, but the user's
> >>> shell is /sbin/nologin. This exits immediately without launching
> >>> the script.
> >>>
> >>> Give the user a real shell.
> >>>
> >>> Alan
> >>>
> >>
> >> I've been following this thread and thinking the same thing but
> >> wasn't sure.
> >
> > I don't think so. To prove it, I created this user:
> >
> > nologinuser:x:1015:1016::/home/nologinuser:/sbin/nologin
> >
> > Then I created this script:
> >
> > #!/bin/sh
> > #
> > date >> /home/nologinuser/envars.txt
> > echo $HOME >> /home/nologinuser/envars.txt
> > echo $PATH >> /home/nologinuser/envars.txt
> > echo "-----------------------" >> /home/nologinuser/envars.txt
> >
> > I stored it as /var/script-nologinuser/testscript.sh. I had to store
> > it at this place because /home is mounted with the noexec option on
> > my system.
> >
> >
> > Then I created a cronjob for the nologinuser user:
> >
> > */2 * * * * /var/script-nologinuser/testscript.sh
> >
> >
> > The result is the file /home/nologinuser/envars.txt with this
> > content:
> >
> > Wed Jul 13 18:10:01 CEST 2016
> > /home/nologinuser
> > /usr/bin:/bin
> > -----------------------
> > Wed Jul 13 18:12:01 CEST 2016
> > /home/nologinuser
> > /usr/bin:/bin
> > -----------------------
> >
> >
> > The ownership and the rights for /home/nologinuser/,
> > /var/script-nologinuser/ and /var/script-nologinuser/testscript.sh
> > are nologinuser:nologinuser and 700.
> >
> > So it seems that it is possible to execute scripts without setting
> > a shell in /etc/passwd.
> >
> > I don't know why it doesn't work for jens w.
>
>
> Not so. Your script is launched by cron, running as root. It starts a
> non-interactive no-login shell (that's why people have infernal
> trouble with cron, assuming it has a $PATH when it actually has none)

Ok, this seems to make sense.

I did another test to make sure that it works also when the script
isn't executed directly by crontab. I'm not sure if this is a real
proof, because the "execution chain" is started by cron.

I renamed /var/script-nologinuser/testscript.sh to
/var/script-nologinuser/testscript-2.sh and created a script
/var/script-nologinuser/testscript.sh with this content:

#!/bin/sh
#
/var/script-nologinuser/testscript-2.sh

It also worked.

--
Regards
wabe
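Added example, not part of the thread: whether a command line runs for a nologin account depends on which shell the launcher hands it to. The sketch below passes the same command with -c to /bin/sh and to a nologin-style shell and reports whether it executed. That procmail feeds recipe lines containing shell metacharacters such as | to $SHELL (the recipient's login shell unless .procmailrc sets SHELL), and that cron defaults to SHELL=/bin/sh, is stated from their documented behaviour, not from the thread; the function names are made up for this example.

```shell
#!/bin/sh
# Added illustration, not from the thread.

# find_nologin: print the path of a shell that refuses to run commands.
# Falls back to "false" as a stand-in when no nologin binary is installed
# (assumption: at least one of these four paths exists on the system).
find_nologin() {
    for candidate in /sbin/nologin /usr/sbin/nologin /bin/false /usr/bin/false; do
        if [ -x "$candidate" ]; then
            echo "$candidate"
            return 0
        fi
    done
    return 1
}

# run_via SHELL_PATH MARKER: hand a command line to SHELL_PATH with -c, the
# way a launcher does with "$SHELL -c", and print "ran" or "blocked"
# depending on whether the command actually executed.
run_via() {
    shell_path=$1
    marker=$2
    rm -f "$marker"
    # A refusing shell exits non-zero; ignore that and check the side effect.
    "$shell_path" -c "date > '$marker'" >/dev/null 2>&1 || :
    if [ -s "$marker" ]; then
        echo ran
    else
        echo blocked
    fi
}

# demo: compare a real shell with the nologin-style shell on this machine.
demo() {
    workdir=$(mktemp -d) || return 1
    refusing=$(find_nologin) || return 1
    echo "/bin/sh: $(run_via /bin/sh "$workdir/sh.out")"
    echo "$refusing: $(run_via "$refusing" "$workdir/nologin.out")"
    rm -rf "$workdir"
}

demo
```

In a .procmailrc the corresponding setting is a `SHELL=/bin/sh` assignment placed above the recipes.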

