I am using SLES9, and have some web devs getting our website ready. They are trying to create a php form that calls sendmail (well, the sendmail "wrapper" provided by postfix) to send an email.

There is a PHP test script that, when run from the command line,
successfully sends email using the PostFix supplied sendmail command
--- BUT when run from the browser, the email does not get sent,
though it reports success.

The only difference between the two scenarios is "who" sends email -
the "nobody" user when the script is executed by the webserver, or a
dev/root/priveledged user when the script is executed from the bash
prompt.

This PROBABLY means the postfix "sendmail wrapper" (ie
/usr/sbin/sendmail) is restricted from sending emails as the "nobody"
user.

I think.

What must I do to give the "nobody" user rights? Or, is my analysis off base?

when run from the browser, the email does not get sent
...luckily you run GNU/Linux and therefore have access to all sorts of logfiles from PHP to Apache to Sendmail so you don't have to rely on translated in-browser messages.


though it reports success.
I wonder what other shortcuts your developers took.


This PROBABLY means the postfix "sendmail wrapper" (ie /usr/sbin/sendmail) is restricted from sending emails as the "nobody" user.
Run it using suPHP or PHPsuexec. Ask your web devs if the script needs to be made compatible with those.


Before you go online with the PHP stuff try to read a few threads in the Linux security forum about breaches of compromise where PHP is involved or the Security references, post #6 on PHP security.
In short at least:
- update PHP and any PHP-based apps as soon as updates are released,
- don't run (as in publicly accessable) experimental SW like for instance XAMP,
- make sure you run a hardened box,
- run mod_security, and
- have homebrewn code audited.