Re: Syncing multiple IMAP/ user accounts

Hi,=0D
=0D
I did it a comparable way...=0D
=0D
On Tue, 18 Mar 2008 19:06:59 +0100, Vincent Beffara
<vbeffara+mlgmail.co=
m>=0D
wrote:=0D
> [...]=0D
>> I've never played around with "sudo" up
to now. What I've seen is that=
=0D
>> I'd have to edit /etc/sudoers. Will this make it
possible for root to=0D
>> work with joe or jane's permissions also if they do
not have a shell=0D
>> assigned in /etc/passwd?=0D
> =0D
> If they have /bin/false as a shell and a disabled
account, then yes it =
=0D
> does :=0D
> =0D
> galadriel-~ > sudo grep dhcp /etc/passwd
/etc/shadow=0D
> /etc/passwd:dhcp:101:
101::/nonexistent:/bin/false=0D
> /etc/shadow:dhcp:!:13821:0:99999:7:::=0D
=0D
All my users are configured the same way (now  ). The
shell is=0D
"/etc/false" and ...=0D
=0D
> (BTW this is running as myself and not as root, which
is the whole poin=
t =0D
> of using sudo - if you run as root, you don't really
need it ...) The =0D
> line you will need in /etc/sudoers is something
like=0D
=0D
... I added them to some User_Alias directive in
"/etc/sudoers" and...=0D
=0D
> offlineimap localhost=3D(ALL) NOPPASSWD:
/usr/bin/offlineimap=0D
=0D
...the rest is similar to your config. The only difference
is (still, but=
=0D
will be changed) that root is the executing user in the
crontab. Can=0D
everybody run the sudo command? I'd create a limited account
for the sudo=
=0D
stuff then.=0D
=0D
> (meaning 'the user offlineimap, when connected on
localhost, can, =0D
> without having to give her password, run the command
=0D
> /usr/bin/offlineimap as any user'). Check the manpage
though !=0D
=0D
As there are a few more users on this system than just mine
I run a scrip=
t=0D
that does this as each one after the other. What I did not
find yet was a=
=0D
possibility to log the output to some global log file ... in
order to hav=
e=0D
a possibility to check in case of occuring errors. Putting a
">>=0D
/var/log/offlineimap.log" behind the command in the
crontab prevented the=
=0D
syncscript from being executed properly. But I guess this is
something th=
at=0D
might be set up in the .offlineimaprc.=0D
=0D
CU,=0D
Daniel,=0D
steadily learning.=0D

> All my users are configured the same way (now  ). The
shell is=3D0D
> "/etc/false" and ...=3D0D
>
> > (BTW this is running as myself and not as root,
which is the whole po=
in=3D
> > of using sudo - if you run as root, you don't
really need it ...) The=
 =3D0D
> > line you will need in /etc/sudoers is something
like=3D0D
>
> ... I added them to some User_Alias directive in
"/etc/sudoers" and...=3D=
0D
>
> > offlineimap localhost=3D(ALL) NOPPASSWD:
/usr/bin/offlineimap
>
> ...the rest is similar to your config. The only
difference is (still, b=
ut=3D > =3D0D
> will be changed) that root is the executing user in the
crontab. Can=3D=
0D
> everybody run the sudo command?

The binary file has mode 755, if that's what you are asking
- but only=20
users explicitly in the /etc/sudoers file (as a separate
line or within=20
a group) can actually use it to run commands. The others
will get an=20
error message along the lines of 'you are not a sudoer'.

>                                 I'd create a limited
account for the su=
do=3D
> stuff then.=3D0D

Yes, that's the spirit. There are 2 use cases (that I know
of): yours=20
(i.e. a limited user that has to run one command as somebody
else), and=20
the "opposite" giving your main (non-root) account
a way to run any=20
command as root.

In my example the name of the limited account is
'offlineimap', but it=20
might as well be 'daemon' or even 'nobody', if you have
other tasks for=20
it to do.

In any case, sudo is a great tool.

  /v

PS: Your mailer seems to do some funky stuf with
quoted-printable=20
encoding ...

--=20
Vincent Beffara
UMPA - ENS Lyon
46 All=E9e d'Italie
69364 LYON cedex 07
Tel: 04 72 72 85 25
Fax: 04 72 72 84 80