On 4/12/05, Finn Smith <[EMAIL PROTECTED]> wrote:
> On Apr 12, 2005 6:42 AM, Tom Collins <[EMAIL PROTECTED]> wrote:
> > On Apr 12, 2005, at 12:34 AM, Finn Smith wrote:
> > >  I am currently using a .qmail-<user> file in a domain directory to
> > > pipe the contents of a message into a script on my server for local
> > > processing. Is there any way to control under which uid/gid this
> > > script executes? The reason being that it needs write access to a
> > > protected file on the system which is not accessible to my vpopmail
> > > user.
> >
> > Not really.  The programs in a .qmail file are executed with the same
> > ownership as the emailbox.
> >
> > You could set the suid-bit on the program called in the .qmail-user
> > file so that the program (or script) runs as the user you want, but
> > you'll also want to make sure that the program/script can only be
> > executed by the vpopmail user (more likely, the vchkpw group) and
> > doesn't open up any security problems.
> Thanks, Tom. This is more or less the answer I expected to get. I will
> just have to write a little suid wrapper script to handle this.

If anyone's interested, the  solution I found for this was to use sudo
and the sudoers file. I simply set it so that vpopmail could execute
my script without typing a password and so the script would be
executed as the proper user. Then I put "| sudo /path/to/my/script" in
my .qmail-<user> file. It works great.


Reply via email to