Shared User IDs

[posted 2000/06/19]

By chance, I happened to learn of shared user IDs on our main mail server:  user A owned user B's mail file. Despite what appeared to be a proper PIKT fix for this, the problem was persisting.

Here was the relevant section from the MailFileChkNotice script:

        rule    // mail file owned by another account
                if    $access =~ "^-"           // not link or dir
                   && $owner ne $name
                   ...  [more && conditions omitted for brevity]
                        =outputmail "$name file owned by $owner"
                        =execwait "=chown $name =maildir/$name"
                endif

An 'ls -ld' of user B's mail file showed the problem:

rootmoscow> ls -ld /var/mail/groucho
-rw-rw----   1 harpo  mail       141792 Jun  7 17:28 /var/mail/groucho

"harpo" owned the "groucho" mail file.  I confirmed that PIKT was exec'ing the appropriate corrective step:

Jun 19 03:51:12 INFO: in dostatement(), MailFileChkNotice, exec wait
  "/usr/bin/chown groucho /var/mail/groucho 2>> /pikt/var/log/Notice.log;
  /usr/bin/rm -f /pikt/etc/Notice.exec.lock 2>/dev/null"

But this was having no apparent effect.  After a minute or two, I discovered the problem:

rootmoscow> ypmatch groucho passwd
groucho:aM0x7me/mkG6s:48004:40:Groucho Marx:/home/groucho:/local/bin/bash

rootmoscow> ypmatch harpo passwd
harpo:fFYP0sbxy6dsY:48004:40:Harpo Marx:/home/harpo:/local/bin/bash

These two users share the same uid in NIS! That explains the "no effect": chown resolves "groucho" to uid 48004 and sets the file's owner to that number, and ls -l maps 48004 back to whichever of the two passwd entries the lookup returns, here harpo, so the chown succeeds but changes nothing visible. It is also a real security problem in its own right: to the kernel the two accounts are the same user, so each can read and write the other's mail file and anything else uid 48004 owns. Hmm, I thought I had a PIKT script and rule to check for this, but I guess not.  I'll put that on my PIKT todo list for sure.

To catch this sort of thing in the future, I revised the MailFileChkNotice script as follows:

        rule    // mail file owned by another account
                if    $access =~ "^-"           // not link or dir
                   && $owner ne $name
                   ...  [more && conditions omitted for brevity]
                        // look the mail file's name up in the NIS passwd map;
                        // a good entry splits into exactly 7 colon-separated fields
                        if #split($p, $command("=ypmatch $name passwd 2>&1"), ":") == 7
                                // account (first) field must match the mail file name
                                if $p[1] eq $name
                                        =outputmail "$name file owned by $owner"
                                        =execwait "=chown $name =maildir/$name"
                                        // recheck ownership after the chown
                                        do #split($ll, $command("=ll =maildir/$name 2>&1"), " ")
                                        if $ll[3] ne $name
                                                output mail "bad file ownership: $inlin"
                                        endif
                                else
                                        output mail "bad file ownership: $inlin"
                                endif
                        else
                                output mail "bad file ownership: $inlin"
                        endif
                endif

Before we attempt the chown, we do a ypmatch on this mail file name.  If the ypmatch output does not split into the seven fields of a passwd entry (for instance, an error message because there is no such account), we send alert mail about "bad file ownership".  If the account (first) field of a good ypmatch result equals the mail file name, we proceed with the chown; otherwise here too we send alert mail about "bad file ownership".

                                        =outputmail "$name file owned by $owner"

only sends mail if the 'verbose' #define is set to TRUE in defines.cfg. (For us, it's not.)

                                        =execwait "=chown $name =maildir/$name"

only does the actual chown if the 'doexec' #define is set to TRUE in defines.cfg.  (For us, it is.)

After the chown exec, we recheck the 'ls -ld' for this mail file, then split the output to the $ll[] array.  If the third field of the 'ls -l' output, the $ll[3], still doesn't match the mail file's name, the chown didn't work, and we still have a problem, so we output mail about that.  This recheck is what catches the shared-uid case: the ypmatch test only proves that an account named $name exists, whereas after 'chown groucho' the file still reads as harpo's because both names map to uid 48004.

To test these modifications, I registered the following in alerts.cfg:

#if moscow
Test
        timing          =piktnever
        mailcmd         "=mailx -s 'PIKT Alert on =pikthostname: Test' pikt-test"
        alarms
                        MailFileChkNotice
#endif

On the master machine, vienna, I installed this Test alert on the main mail server, moscow, with the command:

rootvienna> piktc -iv +D verbose -D doexec +A Test +H moscow

Next, on moscow, I ran the script at the command line:

rootmoscow> script /tmp/Test.out

> /pikt/bin/pikt +A Test

[output follows]

> exit

A 'vi /tmp/Test.out' confirmed that I was now catching this heretofore undetected error.

Back on the master machine, I then deleted all traces of the Test alert on moscow:

rootvienna> piktc -tv +A Test +H moscow

processing moscow...
disabling alert(s)...
Test disabled
deleting file(s)...
Test.alt deleted
deleting file(s)...
Test.hst deleted
deleting file(s)...
Test.log deleted

And finally, I installed the Notice alert scripts, including the revised MailFileChkNotice script, on all mailserver machines:

rootvienna> piktc -iv +A Notice +H mailserver

[output omitted for brevity]

(Sorry for going over some of the same ground again, but I revisit the testing procedures from time to time for the benefit of new pikt-users members.)

For more examples, see Developer's Notes.

Page best viewed at 1024x768 or greater.   Page last updated 2019-01-12.   This site is PIKT® powered.
Copyright © 1998-2019 Robert Osterlund. All rights reserved.