mwl,
@mwl@io.mwl.io

Looking for a way to run a single command as user "www" on .

Roundcube uses doveadm to compute password hashes, but the www user defaults to the nologin shell and /nonexistent home directory. I really, REALLY don't want to change that.

Anyone have something clever to let me run just this one command as www?

[edit to add: Roundcube is a web app. It runs as user www. I can't have another run the command as www: www needs to execute the process. www can't run sudo or doas without the sort of something that would let www run doveadm.]

mwl,
@mwl@io.mwl.io

Lots of folks saying sudo, but (as root):

su www -c "sudo /usr/local/bin/doveadm -s blf-crypt"

This account is currently not available.

So www can't run sudo to run the command.

Topslakr,
@Topslakr@fosstodon.org

@mwl Why do you need sudo in the command if it’s supposed to run as www? Is that needed?

mwl,
@mwl@io.mwl.io

@Topslakr it's not supposed to run as root, but I need a way to run a command as user www.

Because www has no shell, and thus can't run commands.

Which is the problem I'm trying to solve.

Topslakr,
@Topslakr@fosstodon.org

@mwl I see. In that case, I’d try this:

su www -s /bin/bash -c "/usr/local/bin/doveadm -s blf-crypt"

This is working for me, on Debian (though the user is www-data in that case).

mwl,
@mwl@io.mwl.io

@Topslakr

I'm only using su to run commands as www. The web server will be running the command, so there's no chance to add the -s /bin/sh.

Topslakr,
@Topslakr@fosstodon.org

@mwl Very intriguing! How is it triggered? Button on a webpage?

mwl,
@mwl@io.mwl.io

@Topslakr by a PHP script.

Topslakr,
@Topslakr@fosstodon.org

@mwl Aah. Can you not have php call a shell script?

Topslakr,
@Topslakr@fosstodon.org

@mwl And, since it’s being run by the www user, why do you need even su? It’s already that user.

mwl,
@mwl@io.mwl.io

@Topslakr I'm only using su to run a command as this shell-less user.

I can't su to the user, because:

su www

This account is currently not available.

Topslakr,
@Topslakr@fosstodon.org

@mwl But calling a script with a shebang? lol. I’m obviously out of my depth. Good luck! I’ll leave you alone. 😂

matt_garber,
@matt_garber@mastodon.sdf.org

@mwl Roundcube (PHP) is already running as the ‘www’ user, right? So what about adding a simple .php script in a location that your PHP-FPM or CGI can see (could also be owned as root so the ‘www’ user can’t modify the content) that calls:

<?php
system('/usr/local/bin/doveadm…');
?>

Since Roundcube is already running as ‘www’, using php [script name] should cause that system() command within the script to also be executed as ‘www’ without needing any extra su/sudo/doas invocations anywhere.
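
An added example, not part of the thread and not Roundcube's own code: the approach in the post above taken one step further, with PHP starting doveadm through the array form of proc_open() (PHP 7.4 or later) so that no shell runs at all, and the password passed on standard input instead of the command line. The `pw` subcommand, the function name `doveadm_hash`, and the behaviour that doveadm reads the password and its confirmation from stdin when no terminal is attached are assumptions, not taken from the page.

```php
<?php
// Added example, not Roundcube's code. Assumptions: the doveadm path from the
// thread, the "pw -s <scheme>" form, and password entry on stdin (no tty).
const DOVEADM = '/usr/local/bin/doveadm';

function doveadm_hash(string $password, string $scheme = 'BLF-CRYPT'): string
{
    // The prompts are line based, so refuse anything that would split a line.
    if ($password === '' || strpbrk($password, "\r\n\0") !== false) {
        throw new InvalidArgumentException('empty password, or line break/NUL in it');
    }
    if (!preg_match('/^[A-Za-z0-9.-]+$/', $scheme)) {
        throw new InvalidArgumentException('unexpected scheme name');
    }

    // Array form: PHP execs the binary itself, with no /bin/sh in between.
    // The child inherits the PHP worker's UID (www in the thread), and the
    // account's nologin shell is never consulted.
    $proc = proc_open(
        [DOVEADM, 'pw', '-s', $scheme],
        [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']],
        $pipes,
        '/'    // explicit cwd, since www's home is /nonexistent
    );
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ' . DOVEADM);
    }

    // Password and confirmation go in on stdin, not argv, so they never
    // appear in the process list.
    fwrite($pipes[0], $password . "\n" . $password . "\n");
    fclose($pipes[0]);
    $hash = trim(stream_get_contents($pipes[1]));
    $err  = trim(stream_get_contents($pipes[2]));
    fclose($pipes[1]);
    fclose($pipes[2]);

    $status = proc_close($proc);
    if ($status !== 0 || $hash === '') {
        throw new RuntimeException("doveadm exited with $status: $err");
    }
    return $hash;
}

// Constructed sample input.
echo doveadm_hash('constructed-sample-password'), "\n";
```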

mwl,
@mwl@io.mwl.io avatar

@matt_garber hmmm...
