Recipe 2.11 Allowing Nonlogin Users to Forward to ProgramsProblemYou want to allow users who have not been given a valid login shell to forward mail to programs. SolutionAdd /SENDMAIL/ANY/SHELL/ to the /etc/shell file. For example: # echo /SENDMAIL/ANY/SHELL/ >> /etc/shells DiscussionUsers' home directories can be located on an NFS file server that is configured to allow the user to mount the home directory but is not configured to allow the user to log in. Therefore, the user is not given a valid login shell. A user needs a valid login shell in order to forward mail to a program. Even when smrsh is used, as described in Chapter 10, adding programs to the smrsh program directory is not enough to make those programs available to the user if the user does not have a valid login shell. sendmail considers a valid shell to be any shell listed in the /etc/shells file. If the system does not have an /etc/shells file, a default list of shells, defined by the DefaultUserShells variable in the sendmail source code, is used. If the shell in the user's /etc/passwd entry is not a valid shell, sendmail refuses to run a program from the user's .forward file. Some NFS servers are configured to allow mounting of home directories while denying login access. A user's /etc/passwd entry on such a server contains something like /sbin/ nologin or /bin/false as the user's login shell. These "nonlogin" shells should never be listed in /etc/shells . Thus, sendmail does not find the user's shell in /etc/shells and refuses to run the program the user has placed in the .forward file. Place the string /SENDMAIL/ANY/SHELL/ in the /etc/shells file to tell sendmail that it should run the program from the user's .forward file, even if the user does not have a valid login shell. This recipe adds the entry to the end of an existing /etc/shells file. If your system does not have an /etc/shells file, the echo command shown in the Solution section creates one that contains the required string. When smrsh is used, putting /SENDMAIL/ANY/SHELL/ in /etc/shells doesn't change the fact that only programs found in the smrsh program directory will execute. The valid login shell requirement is in addition to the smrsh requirement. The /SENDMAIL/ANY/SHELL/ string bypasses the valid login shell requirement; it does not bypass the smrsh configuration requirement. Because /SENDMAIL/ANY/SHELL/ bypasses a security check, it should be used only when it is absolutely necessary. See AlsoThe cf/README file covers the use of /SENDMAIL/ANY/SHELL/ in the /etc/shells file. |