Bug#293207: bogofilter: Any fix found?
Matthias Andree
matthias.andree at gmx.de
Tue Mar 8 11:02:22 CET 2005
[resending to list, wasn't aware it was in the list, too]
On Mon, 07 Mar 2005, Dann Daggett wrote:
> Aha! I think you've found it.
>
> I have a cron job that's probably the culprit.
> 0-59 * * * * /usr/local/bin/dmd_todo
>
> This is my own C program that processes spam training feedback that come
> back in from the user (i.e. dann) and executes bogofilter to update the
> wordlist accordingly. It uses a system() call sending the following command:
>
> /usr/local/bin/bogofilter -s
> -d "/home/dann/.bogofilter"
> -I "/home/dann/Procmail/103"
>
> I set this as a root cron job since it processes many different users spam
> training. I am now assuming that if this program's execution of bogofilter
> causes the log file to reach 1MB, the new log file created is owned by root!
Bingo!
> If this is the case I need to include a bogofilter option so it executes as
> the actual user being updated. I found no such option in the man pages
> however.
No need. Either of these options should work:
- some cron programs have the option of running their children under a
particular user account; on SuSE, /etc/crontab has a 6th column for the
user ID. Your cron may not offer this option.
- su(1), with GNU coreutils (or predecessors), something like the
following might work, the trailing "dann" is the user account to use,
and you may perhaps need to retry su -l -c ... (with -l, that's minus
and ell) added, see "info coreutils 'su invocation'" for details.
su -c '/usr/local/bin/bogofilter -s -d "/home/dann/.bogofilter"
-I "/home/dann/Procmail/103"' dann
- some run_as program. I am attaching my own variant,
just prefix "run_as dann " to your cron job, without the quotes, and
giving the program name (bogofilter) with full path, as you already
do, run_as does not search $PATH. run_as expects to be run by root. As
you already have bogofilter, allow me to refer you to the GNU General
Public License that shipped with bogofilter in the COPYING file.
Compile with gcc -Os -s -o run_as run_as.c
(use -O rather than -Os if your compiler complains about -Os)
> If there is no such bogofilter option, perhaps I should not have this
> dmd_todo program run from root's cron, but create a cron job for every user
> to run it (but re-code the program to process only one user instead of all
> of them).
That would be the obvious solution.
--
Matthias Andree
-------------- next part --------------
/*
* run_as - run a program as a different user
* Copyright (C) 2002 Matthias Andree <matthias.andree at gmx.de>
*
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <sys/types.h>
#include <pwd.h>
#include <grp.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
/*@unused@*/ static const char id[] = "$Id: run_as.c,v 1.2 2002/11/15 11:59:17 emma Exp emma $";
/*@noreturn@*/ static void usage(const char *n) {
printf("Usage: %s useraccount /path/program [args]\n", n);
exit(1);
}
/*@noreturn@*/ static void die(void) {
exit(2);
}
/*@noreturn@*/ static void bail(const char *n) {
perror(n);
die();
}
int main(int argc, char **argv)
{
int a = 1;
struct passwd *p;
if (argc < 3 || (argc > a && (!strcmp("-h", argv[a])
|| !strcmp("--help", argv[a])))) usage(argv[0]);
if (!strcmp("--", argv[a])) a++;
if (!(p=getpwnam(argv[a]))) {
fprintf(stderr, "%s: No such user.\n", argv[0]);
die();
}
if (initgroups(p->pw_name, p->pw_gid)) bail(argv[0]);
if (setgid(p->pw_gid)) bail(argv[0]);
endgrent();
if (setuid(p->pw_uid)) bail(argv[0]);
endpwent();
++a;
if (execv(argv[a], argv + a)) bail(argv[a]);
exit(0);
}
-------------- next part --------------
_______________________________________________
Bogofilter mailing list
Bogofilter at bogofilter.org
http://www.bogofilter.org/mailman/listinfo/bogofilter
More information about the Bogofilter
mailing list