By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,877 Members | 1,064 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,877 IT Pros & Developers. It's quick & easy.

Sendmail

P: n/a
I submitted this to comp.mail.sendmail, but maybe someone here can help me
as well.

OK, this has most likely been asked and answered several times, but I am
still confused after searching. Here is the background and situation:

Background:
I know nothing about sendmail. It is being set up on the system by someone
else on a Red Hat Linux system.
I know Unix, but it has been a while and I am not an expert on that OS.
I have programmed for a long time, but am relatively new to web programming.

The Task:
From a web page take the user's information and, among other things,
-- create a sendmail account
but
-- not have shell access. Only have access to the mail.

Path:
I will be using php and so the Apache account will have sufficient
privilages to run a shell script to create the account.

Questions:
-- Where can I find a script to do this?
-- What do I have to do to deny access to everything except the email?

Any help for this newbie would be greatly appreciated.

Shelly
Jan 2 '06 #1
Share this Question
Share on Google+
7 Replies


P: n/a
Shelly wrote:
I submitted this to comp.mail.sendmail, but maybe someone here can help me
as well.

OK, this has most likely been asked and answered several times, but I am
still confused after searching. Here is the background and situation:


Yes, you asked it here on 12/28. Did you check those answers?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jan 2 '06 #2

P: n/a

"Jerry Stuckle" <js*******@attglobal.net> wrote in message
news:VP******************************@comcast.com. ..
Shelly wrote:
I submitted this to comp.mail.sendmail, but maybe someone here can help
me as well.

OK, this has most likely been asked and answered several times, but I am
still confused after searching. Here is the background and situation:


Yes, you asked it here on 12/28. Did you check those answers?


Yes, I did, but was still confused by the answers. That was why I reposted
with the specifics in, what I hoped, was clearer descriptive language.

After posting, I continued with some intensive searching. I think I
understand now, but would like some verification.

1 - Create the account with an adduser command. (The php would be either a
system() or exec() command to run that command.) It has to be in the passwd
account, but doesn't need to have a shell script.

2 - Have the adduser -D so that would limit these users. This would be done
one time by the root account at the box itself.

3 - Also, have the shell script for the accounts set to /bin/false. This
could also be done from php spawning a system() or exec(0 command.

Did I finally get it straight?

Shelly
Jan 2 '06 #3

P: n/a
On Sun, 01 Jan 2006 23:07:28 -0500, Shelly wrote:

"Jerry Stuckle" <js*******@attglobal.net> wrote in message
news:VP******************************@comcast.com. ..
Shelly wrote:
I submitted this to comp.mail.sendmail, but maybe someone here can help
me as well.

OK, this has most likely been asked and answered several times, but I am
still confused after searching. Here is the background and situation:

Yes, you asked it here on 12/28. Did you check those answers?


Yes, I did, but was still confused by the answers. That was why I reposted
with the specifics in, what I hoped, was clearer descriptive language.

After posting, I continued with some intensive searching. I think I
understand now, but would like some verification.

1 - Create the account with an adduser command. (The php would be either a
system() or exec() command to run that command.) It has to be in the passwd
account, but doesn't need to have a shell script.

BUT php would have to run as root to successfully complete, which is a
HUGE security hole.
2 - Have the adduser -D so that would limit these users. This would be
done one time by the root account at the box itself.

3 - Also, have the shell script for the accounts set to /bin/false. This
could also be done from php spawning a system() or exec(0 command. Try man adduser to note that these 3 steps need to be done in a single
command.
Did I finally get it straight?

Shelly

Like I said over in comp.mail.sendmail, what mailstore are you using, and
what kind of authentication... database, ldap, os, write your own, etc?

Steve

Jan 2 '06 #4

P: n/a
Shelly wrote:
"Jerry Stuckle" <js*******@attglobal.net> wrote in message
news:VP******************************@comcast.com. ..
Shelly wrote:
I submitted this to comp.mail.sendmail, but maybe someone here can help
me as well.

OK, this has most likely been asked and answered several times, but I am
still confused after searching. Here is the background and situation:

Yes, you asked it here on 12/28. Did you check those answers?

Yes, I did, but was still confused by the answers. That was why I reposted
with the specifics in, what I hoped, was clearer descriptive language.


Than you should ask more questions in that thread, not start a new one!
After posting, I continued with some intensive searching. I think I
understand now, but would like some verification.

1 - Create the account with an adduser command. (The php would be either a
system() or exec() command to run that command.) It has to be in the passwd
account, but doesn't need to have a shell script.

2 - Have the adduser -D so that would limit these users. This would be done
one time by the root account at the box itself.

3 - Also, have the shell script for the accounts set to /bin/false. This
could also be done from php spawning a system() or exec(0 command.

Did I finally get it straight?

To a certain extent. But as Steve indicted, it all depends on the mail
program you're using (sendmail SENDS mail - it doesn't handle mail
USERS), the kind of authentication...

My suggestion is for you to find a Linux admin to help you in this area.
You need to understand the basic authentication your system is using,
and (especially) the huge security hold which results from running PHP
as root.
Shelly

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jan 2 '06 #5

P: n/a
The security hole can be covered by simply writing a file to an area
and having a cron job detecting it and doing the account creation and
then deleting it.

Jan 2 '06 #6

P: n/a
"Shelly" <sh************@asap-consult.com> wrote in
news:OJ******************************@comcast.com:
I submitted this to comp.mail.sendmail, but maybe someone here can
help me as well.

OK, this has most likely been asked and answered several times, but
I am still confused after searching. Here is the background and
situation:

Background:
I know nothing about sendmail. It is being set up on the system by
someone else on a Red Hat Linux system.
I know Unix, but it has been a while and I am not an expert on that
OS. I have programmed for a long time, but am relatively new to web
programming.

The Task:
From a web page take the user's information and, among other things,
-- create a sendmail account
This shouldn't be needed. My servers are set up so that "nobody" is
the username for the server. By not specifying the From: header, mail
appears to come from "no****@server.domain." You can build your own
From: header using the email and name gathered by a form, just don't
forget to look into header injection and come up with some method of
verifying proper usage as spammers can use your mail form if you don't
protect it in some manner.
but
-- not have shell access. Only have access to the mail.

Path:
I will be using php and so the Apache account will have sufficient
privilages to run a shell script to create the account.
Have you confirmed this with your server administrator? I am the only
person that can create any type of account on my servers.
Questions:
-- Where can I find a script to do this?
Lookup the mail function.
-- What do I have to do to deny access to everything except the
email?


Nothing. If your server administrator has done his/her job, it's
already done.

--
Stan McCann "Uncle Pirate" http://stanmccann.us/pirate.html
Webmaster/Computer Center Manager, NMSU at Alamogordo
http://alamo.nmsu.edu/ There are 10 kinds of people.
Those that understand binary and those that don't.
Jan 2 '06 #7

P: n/a
On Mon, 02 Jan 2006 08:01:39 -0800, Shelly wrote:
The security hole can be covered by simply writing a file to an area
and having a cron job detecting it and doing the account creation and
then deleting it.

This can be completely avoided by actually doing some analysis and design
before starting programming. I've been trying to point out that there are
far more workable solutions to the one you're suggesting.

M$ has a lot to answer for.

Steve
BTW sendmail's prime purpose is sending and *receiving* mail, but not
storing it.
Jan 3 '06 #8

This discussion thread is closed

Replies have been disabled for this discussion.