Setting the root
login's 'full name' to identify the machine that sent email
Yesterday I wrote about making sure you can identify what machine sent you a status email, and the comments Sotiris Tsimbonis shared a brilliant yet simple solution to this problem:
We change the gecos info for this purpose.
chfn -f "$HOSTNAME root" root
Take it from me; this is beautiful genius (so much so that both we
and another group here immediately adopted it). It's so simple yet
still extremely effective, because almost everything that sends
email does so using programs like mail
that will fill out the
From:
header using the login's GECOS full name from /etc/passwd
.
You get email that looks like:
From: root@<your-domain> (hebikera root)
This does exactly what we want by immediately showing the machine
that the email is from. In fact many mail clients these days will
show you only the 'real name' from the From:
header by default,
not the actual email address (I'm old-fashioned, so
I see the traditional full From:
header).
This likely works with any mail-sending program that doesn't require
completely filled out email headers. It definitely works in the
Postfix sendmail
cover program for 'sendmail -t
' (as well as
the CentOS 6 and 7 mailx, which supplies the standard mail
command).
(As an obvious corollary, you can also use this trick for any other machine-specific accounts that send email; just give them an appropriate GECOS 'full name' as well.)
There's two perhaps obvious cautions here. First, if you ever rename
machines you have to remember to re-chfn
the root
login and any
other such logins to have the correct hostname in them. It's probably
worth creating an officially documented procedure for renaming machines, since there are
other things you'll want to update as well (you might even script
it). Second, if you have some sort of password synchronization
system you need it to leave root
's GECOS
full name alone (although it can update root
's password). Fortunately
ours already does this.
|
|