smrsh(8) [centos man page]
SMRSH(8) System Manager's Manual SMRSH(8) NAME
smrsh - restricted shell for sendmail SYNOPSIS
smrsh -c command DESCRIPTION
The smrsh program is intended as a replacement for sh for use in the ``prog'' mailer in sendmail(8) configuration files. It sharply limits the commands that can be run using the ``|program'' syntax of sendmail in order to improve the over all security of your system. Briefly, even if a ``bad guy'' can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs that he or she can execute. Briefly, smrsh limits programs to be in a single directory, by default /etc/smrsh, allowing the system administrator to choose the set of acceptable commands, and to the shell builtin commands ``exec'', ``exit'', and ``echo''. It also rejects any commands with the characters ``', `<', `>', `;', `$', `(', `)', ` ' (carriage return), or ` ' (newline) on the command line to prevent ``end run'' attacks. It allows ``||'' and ``&&'' to enable commands like: ``"|exec /usr/local/bin/filter || exit 75"'' Initial pathnames on programs are stripped, so forwarding to ``/usr/ucb/vacation'', ``/usr/bin/vacation'', ``/home/server/mydir/bin/vaca- tion'', and ``vacation'' all actually forward to ``/etc/smrsh/vacation''. System administrators should be conservative about populating the /etc/smrsh directory. For example, a reasonable additions is vaca- tion(1), and the like. No matter how brow-beaten you may be, never include any shell or shell-like program (such as perl(1)) in the /etc/smrsh directory. Note that this does not restrict the use of shell or perl scripts in the sm.bin directory (using the ``#!'' syntax); it simply disallows execution of arbitrary programs. Also, including mail filtering programs such as procmail(1) is a very bad idea. procmail(1) allows users to run arbitrary programs in their procmailrc(5). FILES
/etc/smrsh - directory for restricted programs SEE ALSO
sendmail(8) $Date: 2004/08/06 03:55:35 $ SMRSH(8)
Check Out this Related Man Page
vacation(1) General Commands Manual vacation(1) NAME
vacation - Informs senders of mail that recipient is absent SYNOPSIS
vacation -I The vacation command returns a message to the sender of a mail message, saying that the recipient is on vacation or otherwise absent. OPTIONS
Initializes the $HOME/.vacation.pag and $HOME/.vacation.dir files. Execute this option before you modify your $HOME/.forward file. DESCRIPTION
The vacation command accepts standard input and attempts to send a vacation message to the user specified in that input, which should be a mail message. The vacation command is usually invoked in your $HOME/.forward file, which is used to forward your mail to another username. When you want vacation messages to be sent to users who send you mail, enter the following in your $HOME/.forward file: user, "|vacation user" Replace user by your username. This allows mail sent to you to be both received by you and piped to the vacation command; vacation reads the mail message, determines the sender, and sends a reply. The sender receives a vacation message, and the original mail is waiting in your mailbox when you return. When vacation is invoked without the -I option, as in the file, it reads the first line from the standard input for a From line to deter- mine the sender. If this is not present, an error message is produced. (All properly formatted incoming mail should include a From line.) No vacation message is sent if the From header line indicates that the message is from Postmaster; from MAILER-DAEMON; if the initial From line includes the string -REQUEST@; or if a Precedence: bulk or Precedence: junk line is included in the header. You must initialize vacation for your username by issuing the command vacation -I before you can use the vacation command. The vacation command expects a $HOME/.vacation.msg file containing a message to be sent back to each sender. The file should be an entire message, including any desired headers, such as From or Subject. This message will be sent only once a week to each unique message sender. (If this file does not exist, vacation uses /usr/share/lib/vacation.def, a system-wide default vacation message, if it exists.) The names of people who have sent you messages are kept in the files $HOME/.vacation.pag and $HOME/.vacation.dir. These files are created when you initialize vacation for your username with vacation -I. EXAMPLES
If your username is myra and you want to send a message once a week to each person who has sent you mail, initialize vacation by entering: vacation -I Next, add the following line to your $HOME/.forward file (create this file if it does not exist): myra, "|vacation myra" If you want to send a vacation message other than the system default message in /usr/share/lib/vacation.def, create the file in your home directory and enter the message in it. For example: From: myra@k.table (Myra Louise Minter) Subject: I am on vacation. Delivered-By-the-Graces-Of: the Vacation program I am on vacation until October 1. If you have something urgent, please telephone Lucy or Sue. -- Myra FILES
System-wide default vacation message. Contains address to which mail is forwarded. Contains the names of people who have sent you mail while the vacation command was being used. Contains the names of people who have sent you mail while the vacation command was being used. Contains your personal vacation message. SEE ALSO
Commands: mail(1), mailx(1), sendmail(8) vacation(1)