Suppose I have a line like this in my /etc/aliases:
foo-bar: "|/etc/smrsh/some_script"
some_script is being run as user mail, but I need it to be running as user nobody.
I'm using procmail as the local delivery agent, and the system is some bastardized RHEL.
How can I configure sendmail or procmail to do what I want?
You can do this with sudo and another script. In /etc/sudoers, allow user mail to run commands as user nobody (and only user nobody) without a password, something like this:
mail ALL = (nobody) NOPASSWD: /usr/bin/script2
then the contents of some_script will be a wrapper for script2:
sudo -u nobody /usr/bin/script2
script2 will then execute as user nobody.
Note I make no guarantees that there aren't huge security holes in this.