Installing the Mail gateway is not difficult, but requires some
modest system administration experience. Because of the group-membership
security requirement for BATTS, it's simplest to create a user who is a
member of the batts group. On my system, I created a
user named trouble; if this user will not by default
receive mail sent to the return address you configured in the above
configuration files, you should create an alias that points at this
account.
Most Sendmail installations have smrsh (Sendmail
Restricted Shell) configured. This requires that programs which may be
executed by users be stored (or symbolically linked to) in the
smrsh directory. On my Linux system, this is
/etc/smrsh, but this may differ on other Unix
flavors. From that directory, create a symbolic link to the
ticket-via-email script. On my system, this may be
done as follows:
pushd /etc/smrsh
ln -s /usr/local/bin/ticket-via-email ticket-via-email
popd |
The next step is making the script execute when mail is sent to the
appropriate e-mail address. Assuming that you created a user account
for BATTS, create a
.forward in that user's home
directory which points to the script. The script name should be in
quotes, with a pipe (
|) prior to the filename within
the quotes. On my system, trouble's
.forward file
reads as follows:
"|/etc/smrsh/ticket-via-email",root |
The
,root at the end of the line is optional. It
mails a copy of the incoming ticket to everyone who is listed in the
root alias. If instead you wanted the ticket to be
processed by the script, mailed to everyone on the
<developers@example.net> mailing list run on another
machine, and to a user named
joe on the local
machine, this line could read
"|/etc/smrsh/ticket-via-email",developers@example.net,joe |
The file should be writable only by the user; mode 0644 is fine. If
other users can write to the
.forward file, then
Sendmail will refuse to execute it.
While it may be possible to use an alias in
/etc/aliases and have the
ticket-via-email script setgid to the
BATTS group, my gut feeling is that this would be
less secure than creating another user. I have no real evidence for that
assertion, however.
At this point, BATTS is installed on your system. Send a test ticket
in via the e-mail gateway and see that everything performs as expected.