( Subject changed to make it easier for people searching the archives )
This is a brief rundown on how to use a setuid program to invoke
rt-mailgate, when your OS’s perl cannot (or won’t) do setuid properly.
Firstly, compile and install RT.
Secondly, retrieve and extract majordomo from
ftp://ftp.greatcircle.com/pub/majordomo . I used version 1.94.5 for this.
I’ve also attached to this message a cut-down Makefile and the original
wrapper.c .
Thirdly, edit the Majordomo Makefile (or the attached one) and change the
following variables:
    W_HOME = /path/to/rt2/bin
    W_USER = NUMERIC_ID_OF_RT_USER
    W_GROUP = NUMERIC_ID_OF_RT_GROUP
Next, run ‘make wrapper’, and ‘make install-wrapper’ as root.
Finally, put it in your /etc/aliases (or appropriate MTA location) as (on
one line of course):
    rt-comment: "|/path/to/rt2/bin/wrapper rt-mailgate --queue QUEUE_NAME --action comment"
and
    rt: "|/path/to/rt2/bin/wrapper rt-mailgate --queue QUEUE_NAME --action correspond"
( Note that wrapper only looks for the program (1st argument) in the HOME
directory defined below. You don’t need to put
'/path/to/rt2/bin/rt-mailgate' in the alias file )
When fault-finding, note that /path/to/rt2/bin/wrapper should be setuid,
be owned by root and the RT group, and the /path/to/rt2/bin should be
within the wrapper binary, ie:
    $ strings -a /path/to/rt2/bin/wrapper
    HOME
    HOME=/path/to/rt2/bin
    HOME is %s,
If HOME=/something/else, then you’ve probably ended up with your majordomo
version of wrapper.
Your next port of call is ensuring that /path/to/rt2/bin/rt-mailgate
is executable by the RT user, that the
directory tree all the way to the / is accessible by the RT user, and the
perl indicated by the first ‘#!’ line is executable by the RT user. Then
further fault-find by judicious application of perl -c and checking that
the RT user can access all the libraries, including
/path/to/rt2/etc/config.pm .
I hope this helps.
Regards,
Bruce Campbell
RIPE NCC Operations
Makefile (2.64 KB)
wrapper.c (3.77 KB)