The original posting was :
>I'm using Networker 4.4 on DU 4.0b and I want to modify some notifications
>actions and in particular to do some actions needing some privielges (so as
>root).
>
>The first question could be :
>
>who is sending mail in a command as "/usr/bin/mailx -s "server's tape mount
>request 1" root ?
>
>It seems to me that it's "nobody".
>
>How to manage so that the user sending mail could be root ? For me it won't
>bring some security hole as the corresponding action could be done only
>within Networker events notfiication.
I've found the solution by myself but the guess was almost good.
When you send an e-mail, the user within sendmail is nobody for
comprehensive security reasons. So when a script is executed, it's done by
nobody who has no privilege at all, even when root is sending the e-mail.
So to resolve my NSR problem, the solution is to replace
"/usr/bin/mailx -s "server's tape mount request 1" by
"/usr/opt/..../script" where script is owned by root and executable by root
only. In the script , it's possible to add the mailx command before doing
something else.
Daniel
o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
| Daniel Clar e-mail : Daniel.Clar_at_supelec.fr |
| Computer Operations Manager : dc_at_supelec.fr |
| Service Informatique Supelec and |
| Plateau de Moulon DECUSF::CLAR_D or |
| 91192 Gif sur Yvette Cedex - France Daniel.Clar_at_decus.fr |
| Tel : (33 1) 69 85 14 87 Fax : (33 1) 69 85 12 34 |
o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
Received on Tue Mar 31 1998 - 08:39:47 NZST