LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-08-2006, 04:25 PM   #1
scabrous1
LQ Newbie
 
Registered: Nov 2005
Distribution: SUSE10
Posts: 15

Rep: Reputation: 0
Question user "nobody" needs rights?


I am using SLES9, and have some web devs getting our website ready. They are trying to create a php form that calls sendmail (well, the sendmail "wrapper" provided by postfix) to send an email.

There is a PHP test script that, when run from the command line,
successfully sends email using the PostFix supplied sendmail command
--- BUT when run from the browser, the email does not get sent,
though it reports success.

The only difference between the two scenarios is "who" sends email -
the "nobody" user when the script is executed by the webserver, or a
dev/root/priveledged user when the script is executed from the bash
prompt.

This PROBABLY means the postfix "sendmail wrapper" (ie
/usr/sbin/sendmail) is restricted from sending emails as the "nobody"
user.

I think.

What must I do to give the "nobody" user rights? Or, is my analysis off base?
 
Old 08-08-2006, 06:38 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
when run from the browser, the email does not get sent
...luckily you run GNU/Linux and therefore have access to all sorts of logfiles from PHP to Apache to Sendmail so you don't have to rely on translated in-browser messages.


though it reports success.
I wonder what other shortcuts your developers took.


This PROBABLY means the postfix "sendmail wrapper" (ie /usr/sbin/sendmail) is restricted from sending emails as the "nobody" user.
Run it using suPHP or PHPsuexec. Ask your web devs if the script needs to be made compatible with those.


Before you go online with the PHP stuff try to read a few threads in the Linux security forum about breaches of compromise where PHP is involved or the Security references, post #6 on PHP security.
In short at least:
- update PHP and any PHP-based apps as soon as updates are released,
- don't run (as in publicly accessable) experimental SW like for instance XAMP,
- make sure you run a hardened box,
- run mod_security, and
- have homebrewn code audited.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
user rights for harddrives, writing only in "My documents"? Tentacle Linux - General 3 12-02-2005 08:54 AM
chrooted user: "write" and "talk" don't work. ldp Linux - Software 2 04-12-2005 02:05 AM
"User" & "System" CPU load difference JJX Linux - General 3 06-06-2004 01:42 AM
Shorten a Qmail user name to "user" instead of "user@domain.com" anorman Linux - Software 0 12-12-2003 08:29 AM
User rights like "ROOT" ishwar Linux - General 13 01-04-2003 09:11 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 08:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration