HPE Community
Operating System - HP-UX
1821980 Members
3099 Online
109638 Solutions
New Discussion юеВ

running unix commands from mail

 
SOLVED
Go to solution
PatRoy
Regular Advisor

тАО05-29-2008 09:22 AM

тАО05-29-2008 09:22 AM

running unix commands from mail


Hiya. Can anyone advise... I've heard there was some way on *nix systems to send an email (as a regular user) to an account (i.e. root) and have it automatically run commands in that email from that account (i.e root)... if such a thing exists.. does anyone know where to look?

Thanks a bunch! Pat
0 Kudos
8 REPLIES 8
TTr
Honored Contributor

тАО05-29-2008 09:33 AM

тАО05-29-2008 09:33 AM

Re: running unix commands from mail

I don't know if there is a package that does this for you but I don't think you need anything to setup something like this. You simply have to parse a specific email for some key phrase and run whetever it is that you are trying to do.

Note that it is dangerous to have root waiting for an email that triggers something to be executed. It is a major security vulnerability.

Other than that you can write a script that utilizes the root's mailbox or is invoked by the .forward file to process incoming mail and perform some action.

Procmail may also be useful.
0 Kudos
blah2blah
Frequent Advisor

тАО05-29-2008 10:21 AM

тАО05-29-2008 10:21 AM

Re: running unix commands from mail

first there is the "it isn't suppose to work this way" kind of things. The best way to avoid this to stay current on your system patches and keep up to date on security notices.

then there is the "i want to configure sendmail to do/don't do this". This would be set up in the sendmail configuration file.

here is a doc on configuring sendmail: http://docs.hp.com/en/5991-6611/ch02s01.html

in the configuration file you need to look for the mailer that executes programs. something like Prog: followed by the location of a shell program, /usr/bin/ksh.

then you need to look for mail addresses with a syntax like this "| command". this can be in the config file, the aliases file, user dot files (aliases, includes, forwords).

there are many settings for making sendmail more secure. Read the documentation on the sendmail configuration file. And, you can always search the web for security and sendmail.
0 Kudos
Steven Schweda
Honored Contributor

тАО05-29-2008 10:26 AM

тАО05-29-2008 10:26 AM

Solution

Re: running unix commands from mail

"man aliases", look for:

| command-line

Normally, some additional work is required,
as "root" may still wish to receive e-mail
normally, and it would be extremely foolish
to let any peon run any command as "root"
simply by sending e-mail.

You might also look into "sudo", a program
intended to let peons do things which need
higher status.
0 Kudos
OFC_EDM
Respected Contributor

тАО05-29-2008 10:55 AM

тАО05-29-2008 10:55 AM

Re: running unix commands from mail

Mail is stored in a text file. Unless they've changed that??

Thus it's simple to run a script against the files to look for keywords/commands and take action.

I would have root copy the required emails to separate file where you can control access to the file.

Then use an account with appropriate privileges, hopefully avoiding root (use sudo if needed), to read the files and take actions appropriately.

I used to do this quite successfully.

In the end I decided against it because there's generally better ways to do it.

Sudo is the best way for most things. Because you have control of which commands a user can run as root.

You open up a real can of worms if you have root read emails and run commands in the email. (what if you get spammed with email and run too many instances of the command??)

As well I think the process would break business/security rules in most environments. A disgruntled person coult theoretically launch commands on your system by sending an email...not good.

In short...my humble opinion is don't do it .

:)
The Devil is in the detail.
0 Kudos
Torsten.
Acclaimed Contributor

тАО05-29-2008 11:14 AM

тАО05-29-2008 11:14 AM

Re: running unix commands from mail

What do you want to do?

As a normal user send a command via mail and let it execute from root?

Why? What kind of command? Destructive?

Or do you want to prevent this?
Please clarify!

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
TTr
Honored Contributor

тАО05-29-2008 11:20 AM

тАО05-29-2008 11:20 AM

Re: running unix commands from mail

I read it as he is trying to set up something via email (and I think so did Steven). As I read it again, may be he is trying to prevent it.
0 Kudos
PatRoy
Regular Advisor

тАО06-02-2008 05:14 AM

тАО06-02-2008 05:14 AM

Re: running unix commands from mail

Hey.... Thanks a bunch for your replies!

I'm just gonna create a $HOME/.forward file in the user's home directory, then add "| some-script.sh" to it. I'll process the STDIN within that script and if I see that the FROM is from user X, with subject "something", I'll execute what I need to run... (just a "newaliases" command.

quick and easy.

CHeers all!! :D

P.


0 Kudos
PatRoy
Regular Advisor

тАО06-02-2008 05:16 AM

тАО06-02-2008 05:16 AM

Re: running unix commands from mail

Thanks!!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.