Is there a preferred owner and group of the MM2 directory "/usr/local/mailman?"
The installation instructions are a little confusing, but I take away from them the best (almost default) choice for owner:group for the "/usr/local/mailman" ($prefix) directory is 'mailman'.
Any other opinions or recommendations?
Thanks.
Best regards,
-Tom
On 09/15/2015 07:25 AM, Tom Browder wrote:
The installation instructions are a little confusing, but I take away from them the best (almost default) choice for owner:group for the "/usr/local/mailman" ($prefix) directory is 'mailman'.
The group must be 'mailman' (or whatever name you configured via the --with-groupname option to configure). The owner is not critical. It is usually also 'mailman' (or whatever name you configured via the --with-username option to configure), but it really can be anything.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Tue, Sep 15, 2015 at 10:15 AM, Mark Sapiro <mark@msapiro.net> wrote:
On 09/15/2015 07:25 AM, Tom Browder wrote:
The installation instructions are a little confusing, but I take away from them the best (almost default) choice for owner:group for the "/usr/local/mailman" ($prefix) directory is 'mailman'. ... --with-groupname option to configure). The owner is not critical. It is usually also 'mailman' (or whatever name you configured via the --with-username option to configure), but it really can be anything.
Thanks so much, Mark!
Best,
-Tom
Tom Browder writes:
The installation instructions are a little confusing, but I take away from them the best (almost default) choice for owner:group for the "/usr/local/mailman" ($prefix) directory is 'mailman'.
It doesn't matter what the name is. You may wish to use a predefined name provided by the OS distribution (for example, Debian uses "list", not "mailman").
AFAIK there is no particular need to have the owner of Mailman code or data be the mailman user. For example, on Debian systems root is the owner of all the executables mentioned below, as well as most of the data directories. The important thing about the mailman user is that it is a member of the mailman group (typically the only member of that group).
It is important that the cgi-bin executables be setgid and have the mailman group, that scripts/mailman have the mailman group, and that the Mailman writable data (archives, data, lists, messages, qfiles, spam) have the mailman group.
It also does matter that the user and group have privileges only in Mailman file hierarchies, that there be no other members of the group (except possibly an admin's account, but I consider that an unnecessary risk) and that the name be used appropriately in any application that setuids or setgids to manipulate Mailman data (ISTR there may be some MTA that does).
Bottom line: If I were you, I'd make sure that the mailman group and user are set up properly, and then do "chown root:mailman /usr/local/mailman" (root because I suppose Debian has a reason for doing that ;-).
On Tue, Sep 15, 2015 at 11:30 AM, Stephen J. Turnbull <stephen@xemacs.org> wrote:
Tom Browder writes:
The installation instructions are a little confusing, but I take away from them the best (almost default) choice for owner:group for the "/usr/local/mailman" ($prefix) directory is 'mailman'.
It doesn't matter what the name is. You may wish to use a predefined ... Bottom line: If I were you, I'd make sure that the mailman group and user are set up properly, and then do "chown root:mailman
Steve, thanks for some good info, but no 'chown -R'?
Best,
-Tom
On September 15, 2015 9:45:27 AM PDT, Tom Browder <tom.browder@gmail.com> wrote:
On Tue, Sep 15, 2015 at 11:30 AM, Stephen J. Turnbull <stephen@xemacs.org> wrote:
Bottom line: If I were you, I'd make sure that the mailman group and user are set up properly, and then do "chown root:mailman
Steve, thanks for some good info, but no 'chown -R'?
If you have Mailman-Postfix integration, you don't want to set the owner of Mailman's data/aliases.db to root.
Mailman's bin/check_perms is the safer way to fix ownership and permissions.
-- Mark Sapiro <mark@msapiro.net> Sent from my Not_an_iThing with standards compliant, open source software.
On Tue, Sep 15, 2015 at 11:58 AM, Mark Sapiro <mark@msapiro.net> wrote: ...
If you have Mailman-Postfix integration, you don't want to set the owner of Mailman's data/aliases.db to root.
Mailman's bin/check_perms is the safer way to fix ownership and permissions.
Ah I forgot about that. Thanks, Mark.
-Tom
participants (3)
-
Mark Sapiro -
Stephen J. Turnbull -
Tom Browder