Mailman, Lighttpd, & file permissions

Hello, This seems like it should be in a FAQ somewhere, but I can't find the answer there or in the archives.
I am setting up Mailman to run with my chrooted Lighttpd installation. Lighttpd runs as www-data:www-data, and is chrooted to /var/www. Mailman is running as list:list, as installed by the Debian package. I am trying to work out the best way to get the file permissions sorted out. These should be more-or-less the same as would be needed for Apache. Is there a good reference for this?
A number of directories I have chowned to www-data: the cgi-bin, and so on. But I am unclear on which directories mailman itself needs to have write access to, or the most elegant way to resolve this.
Does anyone simply run mailman as www-data? When I tried adding www-data to the list group, it didn't solve the errors I was getting.
Jeff

Jeffrey Rice wrote:
> This seems like it should be in a FAQ somewhere, but I can't find the answer there or in the archives.
See <http://www.google.com/search?hl=en&safe=off&q=site%3Amail.python.org++inurl%3Amailman++chroot>
> I am setting up Mailman to run with my chrooted Lighttpd installation.
Mailman is not designed or intended to be run in this way. Mailman is normally installed with all of its files and directories in Mailman's group with appropriate group permissions and the cgi-bin wrappers run as SETGID.
See above.
A normal Mailman installation has the following directories: Mailman, archives, bin, cgi-bin, cron, data, lists, locks, logs, mail, messages, pythonlib, qfiles, scripts, spam, templates and tests.
The 'tests' directory is only used if you run unit tests. Other than that, Mailman (the qrunners started by bin/mailmanctl), the incoming MTA via the mail/mailman wrapper and the web server via the cgi-bin/* wrappers need to be able to read everything and write to the archives, data, lists, locks, logs, qfiles and spam directories.
> Does anyone simply run mailman as www-data? When I tried adding www-data to the list group, it didn't solve the errors I was getting.
You will probably get group mismatch errors. See <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq06.016.htp> for more info.
--
Mark Sapiro <msapiro@value.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
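
An added example, not part of the thread and not Mailman's own tooling: a small audit of an install prefix against the layout the reply above describes (group read everywhere, group write on the seven writable directories, setgid cgi-bin wrappers). The function names and the constructed demo tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Directory names as listed in the reply above ('tests' left out, as it says).
ALL_DIRS = ("Mailman archives bin cgi-bin cron data lists locks logs mail "
            "messages pythonlib qfiles scripts spam templates").split()
WRITABLE = {"archives", "data", "lists", "locks", "logs", "qfiles", "spam"}


def audit(prefix, gid):
    """Return (relative path, problem) pairs for the tree under prefix."""
    problems = []
    for name in ALL_DIRS:
        try:
            st = os.stat(os.path.join(prefix, name))
        except FileNotFoundError:
            problems.append((name, "missing"))
            continue
        need = stat.S_IRGRP | stat.S_IXGRP
        if name in WRITABLE:
            need |= stat.S_IWGRP
        if st.st_gid != gid:
            problems.append((name, "wrong group"))
        elif st.st_mode & need != need:
            problems.append((name, "group needs " + ("rwx" if name in WRITABLE else "r-x")))
    cgi = os.path.join(prefix, "cgi-bin")
    for wrapper in sorted(os.listdir(cgi)) if os.path.isdir(cgi) else []:
        st = os.stat(os.path.join(cgi, wrapper))
        if st.st_gid != gid or not st.st_mode & stat.S_ISGID:
            problems.append(("cgi-bin/" + wrapper, "not setgid to Mailman's group"))
    return problems


def build_demo_tree():
    """Constructed sample tree with two deliberate faults; returns (prefix, gid)."""
    prefix = tempfile.mkdtemp(prefix="mailman-demo-")
    for name in ALL_DIRS:
        os.mkdir(os.path.join(prefix, name))
        os.chmod(os.path.join(prefix, name), 0o775)
    os.chmod(os.path.join(prefix, "locks"), 0o755)  # fault 1: group cannot write
    for wrapper, mode in (("admin", 0o755), ("listinfo", 0o2755)):  # fault 2: admin
        path = os.path.join(prefix, "cgi-bin", wrapper)
        open(path, "w").close()
        os.chmod(path, mode)
    return prefix, os.stat(prefix).st_gid


if __name__ == "__main__":
    for path, problem in audit(*build_demo_tree()):
        print(path, "->", problem)
```

On a real installation, pass the actual prefix and the numeric gid of Mailman's group; the same findings explain why adding the web server user to that group does not help when the wrappers are not setgid.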

Mark Sapiro wrote:
Thank you for the reply. I have actually made some good progress on this. The biggest thing I did that helped was switch from the Debian package, which scatters files across the system, to compiling from source and pointing it (./configure --prefix) to a directory inside the jail. This worked much better, since everything was in the same tree, and I only had a few permissions to sort out.
So far, it appears to work well. I have one error with the postalias call, but since I'm using postfix-to-mailman.py I don't think I need it and the list is created despite that crash.
Once I have done more testing, I will try to write this up (maybe for the Wiki?) if it seems it would be helpful.
Jeff

On 8/29/07, Jeffrey Rice wrote:
> Once I have done more testing, I will try to write this up (maybe for the Wiki?) if it seems it would be helpful.
That would make a good addition to go alongside FAQ 1.14 at <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.014.htp>.
Thanks!
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>

Jeffrey Rice wrote:
If you are using postfix-to-mailman.py, you should have
MTA = None
(note no quotes) and not
MTA = 'Postfix'
in mm_cfg.py. MTA = 'Postfix' is only for automating the creation of Postfix aliases for Mailman lists, and with postfix-to-mailman.py, you aren't using aliases for Mailman.
--
Mark Sapiro <msapiro@value.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
