| Thread ID: 22802 | 2002-07-30 22:14:00 | unix "mail" command | markOS X (494) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 66868 | 2002-07-30 22:14:00 | Does anyone know if you can specify a given reply-to address when using the unix command mail?? Because I am using a cgi-script to send email, the current reply-to address is the username that the cgi-process is run under - in my case this is the nobody user, which isn't particularly useful if someone wants to reply back to me as I don't have log-in rights to the nobody user. I could of course use the Form Mail script or some such, but I am interested to know if what I am after is possible. Any help appreciated. cheers, markOS X |
markOS X (494) | ||
| 66869 | 2002-07-31 05:14:00 | I don't think you can. Not according to man mail. You could try the -u option, but I'm pretty sure that that is intended for use when receiving mail. Why are you using a script owned by nobody? :| Is this set up by the system administrators at an institution? If so, I'm surprised they haven't had lots of complaints about this. If it's something you're doing, I think you will have to try another way ... Setting the suid bit for the script might work. The only smart way to reply to email is to use the Reply command: it spells better than I do. Mail uses the current value of the USER variable in its environment to issue the "From: ". The old Irish joke: "If I wanted to get there from here, I wouldn't start from here." |
Graham L (2) | ||
| 66870 | 2002-07-31 06:15:00 | When I run the cgi-script with a line similar to the following in the body: echo "some body text here" | mail user@domain.ac.nz -s "some subject here" the reply-to address is set as nobody@domain.ac.nz. I take it to mean that the script is executed by the owner of the http service from which it is called; I take it that this is the nobody user. The script is actually owned by me but the permissions are set to 755 in order for it to work across the intranet. I may not have permissions to set the suid bit - I'm locked down pretty tightly as far as I can tell. I agree with you that letting the script run as nobody - as opposed to some other user - is not safe, but the server is maintained by a lecturer, tertiary bureaucracy being what it will and I don't think the Sys Admins know how well the server is configured. I think it's configured pretty badly, actually, as one of the lecturers has made the actual httpd.conf file for general perusal, which seems crazy to me, although I'm probably one of the few on my course who have set up the apache server before and can understand most of it. Lately I've been playing around with what sort of commands I can get a cgi-script to execute for me, and I have discovered that I can use the kill command for processes not originated by me (the nobody user) among other interesting things (ps, who, man, mail, gcc and so on). Perhaps I should let them know... Thanks for your help, and I'll see what I can see, markOS X |
markOS X (494) | ||
| 66871 | 2002-07-31 06:31:00 | Aha. This is from a web page of yours in the httpd server. Well, the server ought to run as nobody (who should have very few privileges). That's a standard security precaution. httpd is started at boot time, by root, then it suids to nobody. httpd is exposed to the world --- if someone can get into it with root as owner, that will make for very unhappy campers. I would have a look at how the mailto: construct is handled. |
Graham L (2) | ||
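Added example, not part of the original thread: one way a CGI script running as nobody can still carry a usable reply address is to write the headers itself, including Reply-To, and hand the message to sendmail -t instead of mail. The function names, the address me@domain.ac.nz and the /usr/sbin/sendmail path are assumptions made for illustration; header values containing CR or LF are refused so form input cannot add headers of its own.

```shell
#!/bin/sh
# Added example (not from the thread). Builds a message with an explicit
# Reply-To header. The From line will still name the CGI user (nobody);
# Reply-To only tells the recipient's mail client where replies should go.

CR=$(printf '\r')
NL='
'

# header_safe VALUE: succeed only if VALUE is non-empty and has no CR/LF.
header_safe() {
    [ -n "$1" ] || return 1
    case "$1" in
        *"$CR"*|*"$NL"*) return 1 ;;
    esac
    return 0
}

# build_message TO REPLY_TO SUBJECT BODY: print the message on stdout,
# or print nothing and return 1 if any header value is unsafe.
build_message() {
    to=$1 reply_to=$2 subject=$3 body=$4
    for v in "$to" "$reply_to" "$subject"; do
        header_safe "$v" || { echo "rejected header value" >&2; return 1; }
    done
    printf 'To: %s\nReply-To: %s\nSubject: %s\n\n%s\n' \
        "$to" "$reply_to" "$subject" "$body"
}

# Constructed sample values. Keep the To address fixed in the script
# rather than taking it from the form. In the CGI script the output is
# piped to the MTA (path assumed):
#   build_message ... | /usr/sbin/sendmail -oi -t
build_message 'user@domain.ac.nz' 'me@domain.ac.nz' \
    'some subject here' 'some body text here'
```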