UNIX for Advanced & Expert Users

I want to start off by saying thanks to everyone here, you're answers and suggestions are always very helpful.

I have a shell script which is invoked when an email is received. This shell script extracts any attachments that are sent with this email, and then runs a script which submits these files to a repository. The problem is that when the script is envoked, "daemon" is the owner of the files that are created, so the ci and co functions will not work properly. I'm trying to find a way where I can change the owner of the process when the script is envoked.

For example, when the script is envoked, the owner is "daemon", but I need to change the owner to "myUserName", so that when the files are created and the other scripts/commands are called, the system will think that "myUserName" is the person running all of the commands/scripts.

Is this at all possible?

Depending on which OS, there are various more secure methods that what I'll suggest. Which OS?

Have you tried setting the group to be the default group of the daemon user, setting the owner to be the user you want to execute your ci/co operations and then making it a setuid (chmod 4550 <script>)?

Keith

I am running on SUN/OS. I have not tried what you mentioned, really not sure how to do it. When I said that the when the script is run with "daemon" being the owner, daemon is the root.

So lets say I send an email with an attachment, and the script is invoked. The file is decoded and and saved to the current directory, then I try to submit it to the repository. Lets say I log on to the unix account to which the email was sent to, if I look at the file (ls -l), I'm not the owner of the file, the owner of the file is daemon, which is the root and is considered "other". I'm almost certain that this is what is causing the ci and co operations to fail.

So.......I need to figure out how to get the script to be invoked, and run as if the owner of the process is another account, even just my account, anything other than "daemon"!

I know when you do chmod there are 3 numbers like chmod 755. You said chmod 4550.....what is the 0 for?

Thanks for the input.

Ok, I think I should rephrase my question. I did some more research on daemons, and I think I can ask my question better now.

A daemon is a process that runs in the background (like a fork), whithout user interaction (from what I read). So basically what happens is that when an email is received, and the shell script is invoked, a daemon is running the entire process. I need to find a way where I can make the daemon act as if it were a unix user so that the process is run as if the user is the one who is invoking the scripts that are called in the main script, rather than the daemon.

So my basic idea is: email is received, forwarded to a script (daemon is still the owner at the moment), in the main script first thing I want to do is change the user from the deamon to another valid unix account, so then everything that is performed from there on out is performed as if the unix user that I specify is the one who invoked everything.

Does that make more sense? Any ideas?

Thanks

Do you know the name of the userid that you want to change to inside the script? If so, you can do a `chown userid` inside the script once the file has been placed in that userid's directory.

It's fustrating to provide solutions which are rejected without even being tried.

chmod always uses 4 digits not 3. But the leading digit is usually zero so it looks like 3 digits. That leading 4 will turn on the suid bit and probably solve your problem provided you also follow the rest of kduffin's advice.

sorry perderabo, its not that I was rejecting what kduffin said, it was really that I didn't know what the 4 meant, so I didn't know what I was doing. I did some research afterwards and I saw that the 4 was setuid, to make the script run as the owner, rather than as the daemon.

I believe this is exactly what I need, at least from everything I have read (chmod 4755). I did try it, but now what happens is that when I send an email to the account, I get an email back saying that access to the script was denied. I'm thinking that maybe setuid is disabled on our unix system, since I also read that it could be disabled because of security reasons. So my next step is to ask the sys admin if this is actually the case or not.

What I still dont understand is:
- set the group to be the default group?
- set the owner to the user I want to execute the ci/co functions (would this be the same as doing 'chown' inside the script like chuckuy said?

I am going to try the chown inside my script like chuckuy said and see if that solves my problem, because I DO know the owner of the script ahead of time, and I just need that script to run as this specific user.

I appreciate all of the help from everyone. I will be more than happy to try any other suggestions that anyone else may have for me.