Re: Making root run fetchmail as a user?
mdevin@ozemail.com.au (Mark Devin) writes:
> I would like to make fetchmail run as a user rather than root when run
> via my /etc/ppp/ip-up.d/fetchmail-up script
>
> Here is what I tried to do to get fetchmail to run as user "mail":
>
> Make a home directory for user mail - /home/mail
> set the owner and group for this directory to "mail"
> chown mail /usr/bin/fetchmail
> chgrp mail /usr/bin/fetchmail
> chmod 4755 /usr/bin/fetchmail
> This makes the binary run as user mail despite who calls it (including
> root)
> create a .fetchmailrc file in the home directory of user "mail"
> Edit the /etc/ppp/ip-up.d/fetchmail-up script
> Edit the /etc/ppp/ip-down.d/fetchmail-down script
>
> This didn't work.
> I also tried calling fetchmail with the --fetchmailrc and --idfile
> options set appropriately. And this didn't work either.
>
> I wanted to do it this way 'cause I thought it would be more secure - i.e.
> less things running as root the better. But I guess it's not possible to
> be cracked via fetchmail since it doesn't accept connections, it makes
> them itself.
>
> Any ideas 'cause it would be useful to know how to do it anyway.
Forget all that (except the ".fetchmailrc"), just do this --

#!/bin/bash
# /etc/ppp/ip-up.d/fetchmail-up
# Check the mail.
cd /home/mail
su mail -c "/usr/bin/fetchmail -d 900 -t 90 --silent --syslog"
# end /etc/ppp/ip-up.d/fetchmail-up

#!/bin/bash
# /etc/ppp/ip-down.d/fetchmail-down
# Terminate fetching mail
cd /home/mail
su mail -c "/usr/bin/fetchmail --quit"
# end /etc/ppp/ip-down.d/fetchmail-down

--
* For God so loved the world that He gave his only begotten Son, *
* that whoever believes in Him should not perish... John 3:16 *
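
With the su-based hooks in place, the earlier chown/chgrp/chmod 4755 changes to /usr/bin/fetchmail are no longer needed and are worth checking for. The following audit is an added example, not part of either message in this thread; the function name audit_fetchmail, the expected owners (root for the binary, mail for the rc file) and the rule that .fetchmailrc carries no group/other permission bits are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report leftovers of the setuid attempt.
# audit_fetchmail BIN RCFILE BIN_OWNER RC_OWNER
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_fetchmail() {
    bin=$1 rc=$2 bin_owner=$3 rc_owner=$4 bad=0

    if [ ! -f "$bin" ]; then
        echo "MISSING: $bin"; bad=1
    else
        # chmod 4755 leaves the setuid bit set; the su-based hooks do not need it.
        if [ -u "$bin" ]; then echo "SETUID: $bin"; bad=1; fi
        if [ -g "$bin" ]; then echo "SETGID: $bin"; bad=1; fi
        owner=$(ls -ld "$bin" | awk '{print $3}')
        if [ "$owner" != "$bin_owner" ]; then
            echo "OWNER: $bin is owned by $owner, expected $bin_owner"; bad=1
        fi
    fi

    if [ ! -f "$rc" ]; then
        echo "MISSING: $rc"; bad=1
    else
        owner=$(ls -ld "$rc" | awk '{print $3}')
        if [ "$owner" != "$rc_owner" ]; then
            echo "OWNER: $rc is owned by $owner, expected $rc_owner"; bad=1
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        # The rc file holds mail account passwords, so all six should be "-".
        go=$(ls -ld "$rc" | cut -c5-10)
        if [ "$go" != "------" ]; then
            echo "PERMS: $rc is accessible to group/other ($go)"; bad=1
        fi
    fi
    return "$bad"
}

# Audit the paths named in the thread only when invoked with "--run".
if [ "${1:-}" = "--run" ]; then
    audit_fetchmail /usr/bin/fetchmail /home/mail/.fetchmailrc root mail
fi
```

A SETUID or OWNER finding on the binary means the first attempt was not fully reverted; the values to restore are whatever the distribution package shipped.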