On 4/12/05, Finn Smith <[EMAIL PROTECTED]> wrote: > On Apr 12, 2005 6:42 AM, Tom Collins <[EMAIL PROTECTED]> wrote: > > On Apr 12, 2005, at 12:34 AM, Finn Smith wrote: > > > I am currently using a .qmail-<user> file in a domain directory to > > > pipe the contents of a message into a script on my server for local > > > processing. Is there any way to control under which uid/gid this > > > script executes? The reason being that it needs write access to a > > > protected file on the system which is not accessible to my vpopmail > > > user. > > > > Not really. The programs in a .qmail file are executed with the same > > ownership as the emailbox. > > > > You could set the suid-bit on the program called in the .qmail-user > > file so that the program (or script) runs as the user you want, but > > you'll also want to make sure that the program/script can only be > > executed by the vpopmail user (more likely, the vchkpw group) and > > doesn't open up any security problems. > > Thanks, Tom. This is more or less the answer I expected to get. I will > just have to write a little suid wrapper script to handle this.
If anyone's interested, the solution I found for this was to use sudo and the sudoers file. I simply set it so that vpopmail could execute my script without typing a password and so the script would be executed as the proper user. Then I put "| sudo /path/to/my/script" in my .qmail-<user> file. It works great. -F
