
TOPIC: Re:alias 'feed to program': permission denied

#15672
kato (User)
Posts: 120
alias 'feed to program': permission denied 2008/08/14 08:26  
Hello!

I'm having a problem figuring out how to get the 'feed to program' option working for one user's aliases. The problem seems to be that the script is in the user's home directory, which isn't readable by postfix.

Postfix can, of course, access the Maildirs. I assume this is because it changes the uid when a user logs in or when it delivers mail, which makes some sense.

However, the 'feed to program' option doesn't seem to take advantage of this.

Would someone be willing to educate me on what I need to do? Here's my setup:

alias: devbot@sitename.com -> 'Feed to script' -> /home/users/jsmith/domains/sitename.com/includes/scriptname.php

Code:

[jsmith@server ~]$ pwd
/home/users/jsmith
[jsmith@server ~]$ ls -lad
drwxr-x---  21 jsmith jsmith 4096 Aug 14 08:54 .
[jsmith@server ~]$ cd domains/
[jsmith@server domains]$ ls -lad
drwxr-xr-x  10 jsmith jsmith 4096 Aug  8 21:54 .
[jsmith@server domains]$ cd sitename.com/
[jsmith@server sitename.com]$ ls -lad
drwxr-x---  12 jsmith jsmith 4096 Aug 14 00:03 .
[jsmith@server sitename.com]$ cd includes/
[jsmith@server includes]$ ls -la scriptname.php
-rwxr-xr-x  1 jsmith jsmith 4269 Aug 14 08:59 scriptname.php
[jsmith@server includes]$



Post edited by: kato, at: 2008/08/14 08:27
Operating system CentOS Linux 4.6
Webmin version 1.420
Virtualmin version 3.60 (Pro)
Kernel and CPU Linux 2.6.9-67.0.22.ELsmp on i686
#15699
kato (User)
Posts: 120
Re:alias 'feed to program': permission denied 2008/08/15 07:49  
C'mon, gimme some love! :)

Here's what I see in the logs:
Code:

Aug 15 09:45:48 server local[26556]: fatal: execvp /home/users/jsmith/domains/jsmith.com/includes/egate_helpdesk.php: Permission denied
Aug 15 09:45:49 server postfix/local[26521]: E8562D00ED: to=<devbot-jsmith.com@server.zenovations.com>, orig_to=<devbot@jsmith.com>, relay=local, delay=2, status=bounced (Command died with status 1: "/home/users/jsmith/domains/jsmith.com/includes/egate_helpdesk.php". Command output: local: fatal: execvp /home/users/jsmith/domains/jsmith.com/includes/egate_helpdesk.php: Permission denied )



Anyone want to help me figure out how to make scripts run in the user's home directory?
#15701
andreychek (Moderator)
Posts: 581
Re:alias 'feed to program': permission denied 2008/08/15 09:54  
Yeah, it looks like that's being executed from within Postfix, and perhaps before being passed off to procmail.

So two thoughts.

One, you could use a procmail rule to execute it rather than using the Postfix alias -- which should execute as that user.

Second, and a bit less secure, you could make all the directories between /home/users/jsmith and /home/users/jsmith/domains/jsmith.com/includes/ world executable, which will allow processes to traverse your directory structure.

You can make a directory world executable by typing: chmod o+x /path/to/dir

The problem there is that anyone can now get there, not just Postfix. That said, since it's just executable and not readable, someone typing "ls" won't see anything.

So, procmail is the safer and more secure option. Changing the permissions may be the easier one :-)
-Eric
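
The traversal failure discussed in this thread can be pinned to specific directories with a short shell check. This is an added example, not part of any post above; the function name `blocked_dirs` and its optional stop-directory argument are assumptions, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the thread). List every directory above a script
# that lacks the "other" search (x) bit. A process that is neither the owner
# nor in the group cannot traverse such a directory, so execvp() on the
# script fails with "Permission denied".
#
# blocked_dirs SCRIPT [STOP]
#   SCRIPT  path to the program the alias feeds mail to
#   STOP    hypothetical helper argument: ancestor at which to stop (default /)
# Prints the blocking directories top-down, one per line. Requires GNU stat.
blocked_dirs() {
    stop=${2:-/}
    dir=$(dirname "$1")
    out=""
    while [ "$dir" != "$stop" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        mode=$(stat -c '%a' "$dir") || return 2
        other=${mode#"${mode%?}"}        # last octal digit = "other" bits
        if [ $((other & 1)) -eq 0 ]; then
            out="$dir
$out"
        fi
        dir=$(dirname "$dir")
    done
    printf '%s' "$out"
}

# Stand-alone use: sh blocked_dirs.sh /path/to/script
if [ "$#" -gt 0 ]; then
    blocked_dirs "$@"
fi
```

With the modes shown in the first post, the two `drwxr-x---` directories (the home directory and `sitename.com`) are the ones this reports; `domains` is already `drwxr-xr-x`.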
#15702
kato (User)
Posts: 120
Re:alias 'feed to program': permission denied 2008/08/15 10:31  
Hi Eric

Thanks! So procmail...

I looked over the procmail options in webmin and decided this is beyond my skill. I'll have a looksee at what Google can teach me. Would you be willing to help me get off on the right foot?

I presume this is what I'm looking for:

  1. tell Postfix to deliver normally (to a Maildir?)

  2. switch over to webmin and go to Procmail server

  3. enter some voodoo magic in "Create Action"... maybe a regexp that searches for From: devbot@jsmith.com?



Any tips on what I'm trying to do here? Check "Action program is a filter"? "Feed headers/body to destination?"
#15704
andreychek (Moderator)
Posts: 581
Re:alias 'feed to program': permission denied 2008/08/16 07:07  
Hi Kato,

Sorry, I haven't had a chance to go through and get a handle on how the procmail building works within Webmin/Usermin. So I'm just sort of thinking out loud here :-)

Yes, in theory, what you're saying above is correct... given a particular user, you'd want to make a regexp that looks for a given From address.

Also, I'm pretty sure you can give users rights to do this from within Usermin, rather than going into the Procmail server section of Webmin. Once you log into Virtualmin, click Webmin -> Usermin Configuration -> Available Modules, then make sure "Procmail Mail Filter" is there. If you want to limit who can access Procmail, you can use the "Module Restrictions" section for that.

In the end, once you configure things the way you need, it would end up adding something like this to the procmail file:

Code:

:0:
* From:.*devbot@jsmith.com
| /home/users/jsmith/domains/jsmith.com/includes/egate_helpdesk.php



I hope that helps in getting you started! :-)
-Eric
#15705
kato (User)
Posts: 120
Re:alias 'feed to program': permission denied 2008/08/16 07:10  
Awesome, thanks.

I think I'll add that to the procmail file, then log into virtualmin and see what shows up :)