```
# <SRCUSER> <SRCPW> <DSTUSER> <DSTPW>
```
```bash
#!/bin/bash

############# CONFIGURATION ###########
ACCOUNTS=accounts.list
SRCHOST=imap.example.com
DSTHOST=imap.onlime.ch
#######################################

EXTRALOG=sync.log
TSFORMAT="%Y-%m-%d %H:%M:%S"

# files created below (password files, log) are readable by the owner only
umask 077

# loop through all accounts (lines starting with # are skipped)
grep -ve '^#.*' "$ACCOUNTS" | while read -r SRCUSER SRCPW DSTUSER DSTPW
do
    MESSAGE="[$(date +"$TSFORMAT")] synchronizing $SRCUSER@$SRCHOST to $DSTUSER@$DSTHOST ..."
    echo "$MESSAGE"
    echo "$MESSAGE" >> "$EXTRALOG"

    # security: temporarily store passwords to files in order
    # not to pass them directly by command line option
    printf '%s' "$SRCPW" > imap-secret-src
    printf '%s' "$DSTPW" > imap-secret-dst

    ## VARIANT 1) source host supports SSL/TLS (imap port 993)
    imapsync --host1 "$SRCHOST" --ssl1 --port1 993 --authmech1 PLAIN --user1 "$SRCUSER" --passfile1 imap-secret-src \
             --host2 "$DSTHOST" --ssl2 --port2 993 --authmech2 PLAIN --user2 "$DSTUSER" --passfile2 imap-secret-dst \
             --delete2 --delete2folders

    ## VARIANT 2) source host does not support SSL/TLS (imap port 143)
    #imapsync --host1 "$SRCHOST" --port1 143 --authmech1 PLAIN --user1 "$SRCUSER" --passfile1 imap-secret-src \
    #         --host2 "$DSTHOST" --ssl2 --port2 993 --authmech2 PLAIN --user2 "$DSTUSER" --passfile2 imap-secret-dst \
    #         --delete2 --delete2folders

    ## VARIANT 3) source host has different INBOX prefix, transform it while syncing
    #imapsync --host1 "$SRCHOST" --ssl1 --port1 993 --authmech1 PLAIN --user1 "$SRCUSER" --passfile1 imap-secret-src \
    #         --host2 "$DSTHOST" --ssl2 --port2 993 --authmech2 PLAIN --user2 "$DSTUSER" --passfile2 imap-secret-dst \
    #         --delete2 --delete2folders \
    #         --regextrans2 "s/INBOX.INBOX/INBOX/"

    # remove the temporary password files again
    rm -f imap-secret-*
done

MESSAGE="[$(date +"$TSFORMAT")] imapsync successfully completed!"
echo "$MESSAGE"
echo "$MESSAGE" >> "$EXTRALOG"
exit 0
```
Sorry if I am silly, but I fail to see the reason why sending pw to a file and then picking it up with a --passfile1 is safer than directly using the variable. You are risking to leave a file behind which wouldn't happen if it is environment; it gets destroyed when the script finishes or is killed.
Care to explain?
Thanks!
Remember there are shared hosting providers that offer you imapsync but don't do any process hiding. We at Onlime have the procfs hidepid=2 mount option in place on all shared webservers, so that's not really an issue. But other (bad) customers could sniff others' running processes if that's not the case.
And yes, leaving a file behind is never a good idea. A matter of taste, which is worse, depends on your environment.
Cheers, Pipo
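Both concerns raised in this thread, the password showing up in the process table and a passfile being left behind, can be handled together. The following is an added example, not part of the gist or of any commenter's post: the function names and `SECRET_DIR` are made up for this sketch, the credentials are constructed, and `mktemp` is assumed to be available.

```shell
#!/bin/bash
# Added example, not the gist's code. SECRET_DIR, init_secret_dir, make_passfile,
# cleanup_secrets and sync_argv are names made up for this sketch.
SRCHOST=imap.example.com   # hosts as in the gist's configuration block
DSTHOST=imap.onlime.ch
SECRET_DIR=""

cleanup_secrets() {
    # Remove the private directory and every passfile in it; safe to call twice.
    if [ -n "$SECRET_DIR" ] && [ -d "$SECRET_DIR" ]; then
        rm -rf -- "$SECRET_DIR"
    fi
    SECRET_DIR=""
}

init_secret_dir() {
    # From here on, new files are owner-only (0600); mktemp -d creates the dir 0700.
    umask 077
    SECRET_DIR=$(mktemp -d "${TMPDIR:-/tmp}/imapsync-secrets.XXXXXX") || return 1
    # EXIT covers a normal end and "exit N"; INT and TERM are turned into an exit
    # so the EXIT trap also runs on Ctrl-C or kill. SIGKILL cannot be trapped.
    trap cleanup_secrets EXIT
    trap 'exit 130' INT
    trap 'exit 143' TERM
}

make_passfile() {
    # $1 = file label (src or dst), $2 = password. Prints the passfile's path.
    # printf is a shell builtin, so the password never appears in another process's argv.
    printf '%s' "$2" > "$SECRET_DIR/$1" || return 1
    printf '%s\n' "$SECRET_DIR/$1"
}

sync_argv() {
    # $1 = source user, $2 = source passfile, $3 = destination user, $4 = destination passfile.
    # Prints the command line imapsync would be started with (what ps can show).
    printf '%s ' imapsync \
        --host1 "$SRCHOST" --ssl1 --port1 993 --authmech1 PLAIN --user1 "$1" --passfile1 "$2" \
        --host2 "$DSTHOST" --ssl2 --port2 993 --authmech2 PLAIN --user2 "$3" --passfile2 "$4"
}

# Demo with constructed credentials; imapsync itself is not run here.
init_secret_dir
src=$(make_passfile src 'constructed-src-pw')
dst=$(make_passfile dst 'constructed-dst-pw')
sync_argv alice "$src" alice "$dst"; echo
```

The printed command line contains only the passfile paths, and the directory holding them is removed when the script exits, including on Ctrl-C or `kill`.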
Oh, so you are suggesting the risk is that someone logged in the same shared server could pick the password from the process table with ps. That makes sense.
Thank you.
quick question to add this to the code would be something like this?