Recipe 2.11 Allowing Nonlogin Users to Forward to Programs


Problem

You want to allow users who have not been given a valid login shell to forward mail to programs.

Solution

Add /SENDMAIL/ANY/SHELL/ to the /etc/shells file. For example:

 # echo /SENDMAIL/ANY/SHELL/ >> /etc/shells

Discussion

Users' home directories can be located on an NFS file server that is configured to allow the user to mount the home directory but is not configured to allow the user to log in. Therefore, the user is not given a valid login shell. A user needs a valid login shell in order to forward mail to a program. Even when smrsh is used, as described in Chapter 10, adding programs to the smrsh program directory is not enough to make those programs available to the user if the user does not have a valid login shell.

sendmail considers a valid shell to be any shell listed in the /etc/shells file. If the system does not have an /etc/shells file, a default list of shells, defined by the DefaultUserShells variable in the sendmail source code, is used. If the shell in the user's /etc/passwd entry is not a valid shell, sendmail refuses to run a program from the user's .forward file.

Some NFS servers are configured to allow mounting of home directories while denying login access. A user's /etc/passwd entry on such a server contains something like /sbin/nologin or /bin/false as the user's login shell. These "nonlogin" shells should never be listed in /etc/shells. Thus, sendmail does not find the user's shell in /etc/shells and refuses to run the program the user has placed in the .forward file.

Place the string /SENDMAIL/ANY/SHELL/ in the /etc/shells file to tell sendmail that it should run the program from the user's .forward file, even if the user does not have a valid login shell. This recipe adds the entry to the end of an existing /etc/shells file. If your system does not have an /etc/shells file, the echo command shown in the Solution section creates one that contains the required string.

When smrsh is used, putting /SENDMAIL/ANY/SHELL/ in /etc/shells doesn't change the fact that only programs found in the smrsh program directory will execute. The valid login shell requirement is in addition to the smrsh requirement. The /SENDMAIL/ANY/SHELL/ string bypasses the valid login shell requirement; it does not bypass the smrsh configuration requirement. Because /SENDMAIL/ANY/SHELL/ bypasses a security check, it should be used only when it is absolutely necessary.
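Because the entry applies to every account whose shell is not listed, not only the NFS users it was added for, it helps to see which accounts it affects. The script below is an added example, not code from the book or from sendmail; it models only the rule described in this recipe, assumes the shells file exists, and runs on constructed sample files (the function names and sample accounts are hypothetical).

```shell
#!/bin/sh
# Added audit example: which accounts does the wildcard entry affect?
WILDCARD='/SENDMAIL/ANY/SHELL/'

# verdict SHELLS_FILE LOGIN_SHELL
# Prints: listed   - the shell appears in SHELLS_FILE
#         wildcard - shell not listed, but the wildcard entry is present
#         refused  - shell not listed and no wildcard entry
verdict() {
    if [ -n "$2" ] && grep -Fxq -- "$2" "$1"; then
        echo listed
    elif grep -Fxq -- "$WILDCARD" "$1"; then
        echo wildcard
    else
        echo refused
    fi
}

# audit PASSWD_FILE SHELLS_FILE
# Prints one line per account: "user shell verdict".
audit() {
    while IFS=: read -r user x x x x x shell; do
        # Skip blank lines and entries without a shell field (not modelled here).
        [ -n "$user" ] && [ -n "$shell" ] || continue
        echo "$user $shell $(verdict "$2" "$shell")"
    done < "$1"
}

# Constructed sample data (not taken from a real system).
make_samples() {
    printf '%s\n' \
        'alice:x:1001:1001::/home/alice:/bin/bash' \
        'bob:x:1002:1002::/home/bob:/sbin/nologin' \
        'carol:x:1003:1003::/home/carol:/bin/false' > "$1/passwd"
    printf '%s\n' /bin/sh /bin/bash > "$1/shells.before"
    printf '%s\n' /bin/sh /bin/bash "$WILDCARD" > "$1/shells.after"
}

dir=$(mktemp -d) && make_samples "$dir"
echo "before adding the entry:"; audit "$dir/passwd" "$dir/shells.before"
echo "after adding the entry:";  audit "$dir/passwd" "$dir/shells.after"
```

Run against copies of the real /etc/passwd and /etc/shells, every account reported as wildcard is one whose .forward program entries are honored only because of this entry, still subject to smrsh where it is configured.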

See Also

The cf/README file covers the use of /SENDMAIL/ANY/SHELL/ in the /etc/shells file.



sendmail Cookbook
ISBN: 0596004710
Year: 2005
Pages: 178
Authors: Craig Hunt
