[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] /etc/aliases
- Subject: Re: [cobalt-users] /etc/aliases
- From: Ian Fantom <ian@xxxxxxxxxxxxxxxxxx>
- Date: Tue Feb 13 10:01:04 2001
- Organization: mintex
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I wrote (on piping emails):
> It is a known problem, relating to sendmail. It used to work on my
> NetBSD system, but now it doesn't. Sendmail has to be configured for
> this. I found a bit about it in a book in the local bookshop, and it
> looked horrendous. I'd already tried playing about with the quotes.
>
> I'll be interested in the answer because I'll eventually want to do the
> same thing myself on the RaQ. Possibly worth reposting under 'sendmail
> piping'?
and now I've just found a snippet from a FAQ - I don't know where from
though. I don't think it solved the problem I'd been having, when it
interpreted the pipe as an email address, but here it is anyway:
------------------------------------------------------------
Q3.11 -- Why can't my users forward their mail to a program?
Date: July 9, 1996
Updated: November 19, 1999
I just upgraded to version 8 sendmail and now when my users try to
forward
their mail to a program they get an "illegal shell" or "cannot mail to
programs" message and their mail is not delivered. What's wrong?
In order for people to be able to run a program from their .forward
file,
version 8 sendmail insists that their shell (that is, the shell listed
for
that user in the passwd entry) be a "valid" shell, meaning a shell
listed in
/etc/shells. If /etc/shells does not exist, a default list is used,
typically consisting of /bin/sh and /bin/csh.
This is to support environments that may have NFS-shared directories
mounted
on machines on which users do not have login permission. For example,
many
people make their file server inaccessible for performance or security
reasons; although users have directories, their shell on the server is
/usr/local/etc/nologin or some such. If you allowed them to run programs
anyway you might as well let them log in.
If you are willing to let users run programs from their .forward file
even
though they cannot telnet or rsh in (as might be reasonable if you run
smrsh
to control the list of programs they can run) then add the line:
/SENDMAIL/ANY/SHELL/
to /etc/shells. This must be typed exactly as indicated, in caps, with
the
trailing slash.
NOTA BENE: DO NOT list /usr/local/etc/nologin in /etc/shells -- this
will
open up other security problems.
IBM AIX does not use /etc/shells -- a list of allowable login shells is
contained, along with many other login parameters, in
/etc/security/login.cfg. You can copy the information in the "shells="
stanza into a /etc/shells on your system so sendmail will have something
to
use. Do NOT add "/usr/lib/uucp/uucico" or any other non-login shell into
/etc/shells.
Also note that there are some weird things that AFS throws into the mix,
and
these can keep a program from running or running correctly out of
.forward
files or the system-wide aliases.
-------------------------------------------------------
Regards,
Ian Fantom.