Indeed qscand does NOT have a legitimate shell. The installation instructions suggest to create the user qscand with /bin/false as the shell. (BTW qmailq also has a null shell; /bin/true)
That is good ... two fewer potential entry points for the script kiddies ;-)
Anyone on the list know if this might have implications on suidperl, causing q-s.pl to fail to find quarantine-attachments.db ??
I know that this does not cause the q-s.pl to fail in its suid changes
because my systems all are running q-s.pl happily with all of these users
having a no login shell.
suidperl does not need to *log in* to the user account, but rather "tricks"
the OS into thinking that it is running as that user. The "su -c" usage
actually invokes a shell for that user. If the user's shell in /etc/passwd
is /bin/csh, that command processor would be used to run the command in the
argument. This is different from the perl processor running suid.
Sorry about the earlier confusion.
-Tom
Micha Silver writes:
[EMAIL PROTECTED] wrote:
Does qmailq have a no login shell in /etc/passwd (e.g. /bin/false, /etc/noway or something similar)?
Indeed qscand does NOT have a legitimate shell. The installation instructions suggest to create the user qscand with /bin/false as the shell. (BTW qmailq also has a null shell; /bin/true)
Anyone on the list know if this might have implications on suidperl, causing q-s.pl to fail to find quarantine-attachments.db ??
su -c logs into the account and runs the command, setuidgid doesn't log in.
BTY ... qmailq should be qscand, I have apparently confused things by using
my slim knowledge of older qmailscan versions.
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
