[opensuse] sendmail as non-root user
Trying to setup a couple of scripts, which part of the results are to send an email as a non-root user. Have setup postfix, and as root (sudo sendmail.....) can send a basic email through my ISPs mail server successfully. If I try and send as a non-root user, get: "Absolute path to 'sendmail' is '/usr/sbin/sendmail', so running it may require superuser privileges (eg. root)." How can I (safely and securely, without opening up anything undesirable), set this up so a standard user can send? Thanks. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
John Bennett wrote:
Trying to setup a couple of scripts, which part of the results are to send an email as a non-root user. Have setup postfix, and as root (sudo sendmail.....) can send a basic email through my ISPs mail server successfully.
If I try and send as a non-root user, get: "Absolute path to 'sendmail' is '/usr/sbin/sendmail', so running it may require superuser privileges (eg. root)." How can I (safely and securely, without opening up anything undesirable), set this up so a standard user can send? Thanks.
---- A standard user doesn't usually invoke sendmail directly. They go through an email client like 'mailx' or a GUI like thunderbird or such. That said, a normal user "can" run sendmail to send a message without special privs -- but it isn't designed to be user friendly (no prompts). They'd have to put /usr/sbin in their path, or you could put a link for sendmail in /usr/bin -> /usr/sbin/sendmal... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 5/4/2013 7:24 PM, Linda Walsh wrote:
John Bennett wrote:
Trying to setup a couple of scripts, which part of the results are to send an email as a non-root user. Have setup postfix, and as root (sudo sendmail.....) can send a basic email through my ISPs mail server successfully.
If I try and send as a non-root user, get: "Absolute path to 'sendmail' is '/usr/sbin/sendmail', so running it may require superuser privileges (eg. root)." How can I (safely and securely, without opening up anything undesirable), set this up so a standard user can send? Thanks.
---- A standard user doesn't usually invoke sendmail directly.
They go through an email client like 'mailx' or a GUI like thunderbird or such. That said, a normal user "can" run sendmail to send a message without special privs -- but it isn't designed to be user friendly (no prompts).
They'd have to put /usr/sbin in their path, or you could put a link for sendmail in /usr/bin -> /usr/sbin/sendmal...
Since many releases ago I have scripts that just using /usr/bin/mail Its described here: http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-comman... On my machine /isr/bin/mail is a link to mailx /usr/bin/mailx is documented in man 1 mailx or on the web here See http://linux.die.net/man/1/mailx -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/05/2013 03:08 PM, John Andersen wrote:
On 5/4/2013 7:24 PM, Linda Walsh wrote:
John Bennett wrote:
Trying to setup a couple of scripts, which part of the results are to send an email as a non-root user. Have setup postfix, and as root (sudo sendmail.....) can send a basic email through my ISPs mail server successfully.
If I try and send as a non-root user, get: "Absolute path to 'sendmail' is '/usr/sbin/sendmail', so running it may require superuser privileges (eg. root)." How can I (safely and securely, without opening up anything undesirable), set this up so a standard user can send? Thanks.
A standard user doesn't usually invoke sendmail directly.
They go through an email client like 'mailx' or a GUI like thunderbird or such. That said, a normal user "can" run sendmail to send a message without special privs -- but it isn't designed to be user friendly (no prompts).
They'd have to put /usr/sbin in their path, or you could put a link for sendmail in /usr/bin -> /usr/sbin/sendmal...
Since many releases ago I have scripts that just using /usr/bin/mail Its described here: http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-comman...
On my machine /isr/bin/mail is a link to mailx
/usr/bin/mailx is documented in man 1 mailx or on the web here See http://linux.die.net/man/1/mailx
Thanks! Mail seems to have done the trick... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/04/2013 10:06 PM, John Bennett wrote:
Trying to setup a couple of scripts, which part of the results are to send an email as a non-root user. Have setup postfix, and as root (sudo sendmail.....) can send a basic email through my ISPs mail server successfully.
If I try and send as a non-root user, get: "Absolute path to 'sendmail' is '/usr/sbin/sendmail', so running it may require superuser privileges (eg. root)." How can I (safely and securely, without opening up anything undesirable), set this up so a standard user can send? Thanks.
You don't invoke sendmail, try using python http://docs.python.org/2/library/email-examples.html or ruby http://www.tutorialspoint.com/ruby/ruby_sending_email.htm I am assuming your scripts are written in some sane language (shell is explictly excluded from "sane" in year 2013 :-P) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
John Bennett wrote:
Trying to setup a couple of scripts, which part of the results are to send an email as a non-root user. Have setup postfix, and as root (sudo sendmail.....) can send a basic email through my ISPs mail server successfully.
If I try and send as a non-root user, get: "Absolute path to 'sendmail' is '/usr/sbin/sendmail', so running it may require superuser privileges (eg. root)." How can I (safely and securely, without opening up anything undesirable), set this up so a standard user can send?
On openSUSE 12.3, I have no problem using sendmail as long as I specify the full path, "/usr/sbin/sendmail". -- Per Jessen, Zürich (15.1°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Sun, 05 May 2013, Per Jessen wrote:
On openSUSE 12.3, I have no problem using sendmail as long as I specify the full path, "/usr/sbin/sendmail".
... and you can always alias a 'sudo /usr/sbin/sendmail -q' to e.g. 'sm'. Don't forget the corresponding entry in /etc/sudoers. HTH, -dnh -- A common mistake that people make, when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. -- Douglas Adams - Mostly Harmless -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sun, May 05, 2013 at 02:45:12PM +0200, David Haller wrote:
Hello,
On Sun, 05 May 2013, Per Jessen wrote:
On openSUSE 12.3, I have no problem using sendmail as long as I specify the full path, "/usr/sbin/sendmail".
... and you can always alias a 'sudo /usr/sbin/sendmail -q' to e.g. 'sm'.
Don't forget the corresponding entry in /etc/sudoers.
sudo is not needed. The message "Absolute path to 'sendmail' is '/usr/sbin/sendmail', so running it may require superuser privileges (eg. root)." comes from either command-not-found or bash-completion and is not always true for sendmail, some commands work as user too. You can e.g. call /usr/sbin/sendmail as user to send emails, if your system is correctly setup for mail. Some other sendmail operations are not possible as user, there you need sudo / su. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Sun, 05 May 2013, Marcus Meissner wrote:
On Sun, May 05, 2013 at 02:45:12PM +0200, David Haller wrote:
... and you can always alias a 'sudo /usr/sbin/sendmail -q' to e.g. 'sm'.
Don't forget the corresponding entry in /etc/sudoers.
sudo is not needed.
For flushing the (postfix or sendmail) queue via 'sendmail -q' when you have setup either to "defer" sending mails? I'll test that with this mail. Calling it on an empty queue (with postfix) does return an exitstatus of 0...
The message "Absolute path to 'sendmail' is '/usr/sbin/sendmail', so running it may require superuser privileges (eg. root)."
comes from either command-not-found or bash-completion and is not always true for sendmail, some commands work as user too.
WTF? Stuff lives in sbin for a reason, does it not? What's cnf's or bash-completion's justification for blabbing stuff like that? Mind you: I have not installed cnf and bash-completion down to the absolute minimum: $ ls /etc/bash_completion /etc/bash_completion.d/ ls: cannot access /etc/bash_completion: No such file or directory /etc/bash_completion.d/: yast2-completion.sh zypper.sh The usual bash-completion interfered _WAY TOO MUCH_ with my work. E.g. completing only specific file-extensions(!) for mplayer and other stuff. mplayer doesn't care about extensions. Nor do I. Nor does Linux. mplayer happily plays foo.foo. Be it a mpg, mp4, wmv, ogv, wma, avi, mkv, or whatnot. But if bash-completion does not complete mpla<TAB> f<TAB> to mplayer foo_bar_a_very_long_name.foo if there's just that file in the current directory, just because .foo is not on the list of "allowed extensions for mplayer" that's just ... *GAH* Braindead. Abominable. Totally Un-Linuxy. ... Or, the most common braindeadness I stumbled upon: it would not complete directories/files as expected! That was the point where I wanted a big mallet to beat the ones responsible for that shit some sense back in, but instead I just uninstalled bash-completion completely to get back simple basic bash path completion. Later, I let it reinstall but pruned the config as above (But I do have the broken stuff saved as bash_completion.SUSE and in bash_completion.d.SUSE/ so I can get what _I_ want anytime, selectively, anytime I chose to). But, times when I'd want option completion for commands (say, rpm) are far between. Often, commands (e.g. osc (sic!) parse options following the "first unambiguous" way, using e.g. GNU getopt: ==== man 1 getopt ==== Long options may be abbreviated, as long as the abbreviation is not ambiguous. ==== (not sure if that's generally the case for getopt(3) or an option. Too lazy now to look that up. And Perl's /getopt/i Modules IIRC have similar options/defaults.
You can e.g. call /usr/sbin/sendmail as user to send emails, if your system is correctly setup for mail.
Sure, or via proxy with mail/mailx/mutt/....
Some other sendmail operations are not possible as user, there you need sudo / su.
And I think (or soonish thought), that flushing the queue is (was) one of those. -dnh -- The speed at which a mistyped command executes is directly proportional to the amount of damage done. -- Joe Zeff -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sun, May 05, 2013 at 04:37:22PM +0200, David Haller wrote:
Hello,
On Sun, 05 May 2013, Marcus Meissner wrote:
On Sun, May 05, 2013 at 02:45:12PM +0200, David Haller wrote:
... and you can always alias a 'sudo /usr/sbin/sendmail -q' to e.g. 'sm'.
Don't forget the corresponding entry in /etc/sudoers.
sudo is not needed.
For flushing the (postfix or sendmail) queue via 'sendmail -q' when you have setup either to "defer" sending mails? I'll test that with this mail. Calling it on an empty queue (with postfix) does return an exitstatus of 0...
You can e.g. call /usr/sbin/sendmail as user to send emails, if your system is correctly setup for mail.
Sure, or via proxy with mail/mailx/mutt/....
Some other sendmail operations are not possible as user, there you need sudo / su.
And I think (or soonish thought), that flushing the queue is (was) one of those.
Yes, that one probably needs root rights. (didnt check) Ciao, MArcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday, 2013-05-05 at 16:47 +0200, Marcus Meissner wrote:
And I think (or soonish thought), that flushing the queue is (was) one of those.
Yes, that one probably needs root rights. (didnt check)
No, it runs fine - at least in my system. But I don't have pending mail to see if it actually works. - -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEUEARECAAYFAlGGdH0ACgkQtTMYHG2NR9XNRwCYvWCtPQCK5dzi1S3SbaUsUvIS DQCcC72wopMBggt1c49pgSiEN3r0VT4= =DbMy -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Sun, 05 May 2013, Marcus Meissner wrote:
On Sun, May 05, 2013 at 04:37:22PM +0200, David Haller wrote:
On Sun, 05 May 2013, Marcus Meissner wrote:
On Sun, May 05, 2013 at 02:45:12PM +0200, David Haller wrote:
... and you can always alias a 'sudo /usr/sbin/sendmail -q' to e.g. 'sm'.
Don't forget the corresponding entry in /etc/sudoers.
sudo is not needed.
For flushing the (postfix or sendmail) queue via 'sendmail -q' when you have setup either to "defer" sending mails? I'll test that with this mail. Calling it on an empty queue (with postfix) does return an exitstatus of 0... [..]
Some other sendmail operations are not possible as user, there you need sudo / su.
And I think (or soonish thought), that flushing the queue is (was) one of those.
Yes, that one probably needs root rights. (didnt check)
Apparently, one does _not_ need root rights to flush the postfix queue via '/usr/sbin/sendmail -q'. As I've just tested. And I don't think I've configured postfix in that way (and definitely not sudo). I'd call that a bug in postfix. I'm _quite_ sure it was not possible to flush the queue with sendmail without root privileges (or unless it was/is configurable in sendmail somewhere, with that beast, you can configure almost anything, right?) I'm to pished to bug, but here's what I just did as a user: - wrote the mail and sent it with mutt ==== ~/.mutt/dnh_opensuse.cf ==== set sendmail="/usr/sbin/sendmail -fdnh@opensuse.org" ==== - mailq mail queued (deferred) - /usr/sbin/sendmail -q - mailq mail sent I'll recheck on sending this mail. -dnh -- "And 1.1.81 is officially BugFree(tm), so if you receive any bug-reports on it, you know they are just evil lies." -- Linus Torvalds -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* David Haller
Apparently, one does _not_ need root rights to flush the postfix queue via '/usr/sbin/sendmail -q'. As I've just tested. And I don't think I've configured postfix in that way (and definitely not sudo).
I'd call that a bug in postfix.
I'm _quite_ sure it was not possible to flush the queue with sendmail without root privileges (or unless it was/is configurable in sendmail somewhere, with that beast, you can configure almost anything, right?)
I'm to pished to bug, but here's what I just did as a user:
- wrote the mail and sent it with mutt ==== ~/.mutt/dnh_opensuse.cf ==== set sendmail="/usr/sbin/sendmail -fdnh@opensuse.org" ==== - mailq mail queued (deferred) - /usr/sbin/sendmail -q - mailq mail sent
I'll recheck on sending this mail.
While perhaps un-noticed, flushing postfix's queue has been possible since pre-11.2 and maybe much earlier. I have routinely checked that suspect mail posted properly for some number of years flushing the queue. Old-timers memory percludes more exact reporting of the time-frame. :^) -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday, 2013-05-05 at 11:40 -0400, Patrick Shanahan wrote:
* David Haller <> [05-05-13 11:34]:
I'll recheck on sending this mail.
While perhaps un-noticed, flushing postfix's queue has been possible since pre-11.2 and maybe much earlier. I have routinely checked that suspect mail posted properly for some number of years flushing the queue.
Old-timers memory percludes more exact reporting of the time-frame. :^)
Yes, "sendmail -q" with postfix has always worked as user. "Always" means "as far as I remember", not really "always" ;-) Postfix security developers are security conscious, so I'm sure they consider this safe, that is is not something they did not think about. - -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAlGGh7EACgkQtTMYHG2NR9WK6ACdHzSk954V/8X6N2K7d6sQVgjh EGsAnima8sPRVZso6UrilNkcD2ijaXh0 =Y6mA -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Sun, 05 May 2013, Carlos E. R. wrote:
On Sunday, 2013-05-05 at 11:40 -0400, Patrick Shanahan wrote:
* David Haller <> [05-05-13 11:34]:
I'll recheck on sending this mail.
Same again ...
While perhaps un-noticed, flushing postfix's queue has been possible since pre-11.2 and maybe much earlier. I have routinely checked that suspect mail posted properly for some number of years flushing the queue.
I'd call that a bug ;) A "mailq" is fine IMO, but e.g. a "/usr/sbin/postcat <ID>" should rightly be restricted to root and the owner of that mail. Or just root.
Old-timers memory percludes more exact reporting of the time-frame. :^)
Well, I've been using sendmail until recently, and Sandy Drobic, who might know what's up, seems to have gone missing ...
Yes, "sendmail -q" with postfix has always worked as user. "Always" means "as far as I remember", not really "always" ;-)
See above: it should be a bug that random users can flush the queue.
Postfix security developers are security conscious, so I'm sure they consider this safe, that is is not something they did not think about.
Weird. I'd consider that as a security issue that anybody can flush the queue. And again, AFAIR, with sendmail, you couldn't. -dnh -- William, tell me somethin'. Have you come because you need my help to save a certain distressin' damsel? Or... rather a damsel in distress? Either one... -- Jack Sparrow, Pirates of the Carribean: At World's End -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (9)
-
Carlos E. R. -
Cristian Rodríguez -
David Haller -
John Andersen -
John Bennett -
Linda Walsh -
Marcus Meissner -
Patrick Shanahan -
Per Jessen