Allow user to execute a shell script without seeing its contents?

If you need your solution to work as is, a simple hack would be to use a short C program instead of a shell script:

int main(){
setuid(geteuid());
system("/path/to/send-incoming-email.sh");
}

And have that setuid, thus avoiding the race condition, and at the same time allowing you to pass off execution of the script as root.

This isn't the best solution, by far, but it will solve the problem as described.


Linux will ignore the setuid bit for shell scripts to avoid possible race-conditions.


The "proper" way of sending email on Unix/Linux systems is to configure a MTA such as Postfix, Exim4 or Sendmail and let it handle the SMTP authentication mess. There also are "relay-only" MTAs - esmtp, msmtp, ssmtp. All of these can do SMTP relaying ("smarthost") with authentication, for example, through Gmail servers. It becomes trickier on a multi-user machine, but still doable.

(When a MTA is configured, sending an email is done by passing the data to /usr/sbin/sendmail rcpt@address.)