Is there a preferred owner and group of the MM2 directory "/usr/local/mailman?"
The installation instructions are a little confusing, but I take away from them the best (almost default) choice for owner:group for the "/usr/local/mailman" ($prefix) directory is 'mailman'.
Any other opinions or recommendations?
Thanks.
Best regards,
-Tom
On 09/15/2015 07:25 AM, Tom Browder wrote:
The group must be 'mailman' (or whatever name you configured via the --with-groupname option to configure). The owner is not critical. It is usually also 'mailman' (or whatever name you configured via the --with-username option to configure), but it really can be anything.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Tom Browder writes:
It doesn't matter what the name is. You may wish to use a predefined name provided by the OS distribution (for example, Debian uses "list", not "mailman").
AFAIK there is no particular need to have the owner of Mailman code or data be the mailman user. For example, on Debian systems root is the owner of all the executables mentioned below, as well as most of the data directories. The important thing about the mailman user is that it is a member of the mailman group (typically the only member of that group).
It is important that the cgi-bin executables be setgid and have the mailman group, that scripts/mailman have the mailman group, and that the Mailman writable data (archives, data, lists, messages, qfiles, spam) have the mailman group.
It also does matter that the user and group have privileges only in Mailman file hierarchies, that there be no other members of the group (except possibly an admin's account, but I consider that an unnecessary risk) and that the name be used appropriately in any application that setuids or setgids to manipulate Mailman data (ISTR there may be some MTA that does).
Bottom line: If I were you, I'd make sure that the mailman group and user are set up properly, and then do "chown root:mailman /usr/local/mailman" (root because I suppose Debian has a reason for doing that ;-).
On September 15, 2015 9:45:27 AM PDT, Tom Browder <tom.browder@gmail.com> wrote:
On Tue, Sep 15, 2015 at 11:30 AM, Stephen J. Turnbull <stephen@xemacs.org> wrote:
If you have Mailman-Postfix integration, you don't want to set the owner of Mailman's data/aliases.db to root.
Mailman's bin/check_perms is the safer way to fix ownership and permissions.
-- Mark Sapiro <mark@msapiro.net> Sent from my Not_an_iThing with standards compliant, open source software.
On Tue, Sep 15, 2015 at 11:58 AM, Mark Sapiro <mark@msapiro.net> wrote: ...
If you have Mailman-Postfix integration, you don't want to set the owner of Mailman's data/aliases.db to root.
Mailman's bin/check_perms is the safer way to fix ownership and permissions.
Ah I forgot about that. Thanks, Mark.
-Tom
On 09/15/2015 07:25 AM, Tom Browder wrote:
The group must be 'mailman' (or whatever name you configured via the --with-groupname option to configure). The owner is not critical. It is usually also 'mailman' (or whatever name you configured via the --with-username option to configure), but it really can be anything.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Tom Browder writes:
It doesn't matter what the name is. You may wish to use a predefined name provided by the OS distribution (for example, Debian uses "list", not "mailman").
AFAIK there is no particular need to have the owner of Mailman code or data be the mailman user. For example, on Debian systems root is the owner of all the executables mentioned below, as well as most of the data directories. The important thing about the mailman user is that it is a member of the mailman group (typically the only member of that group).
It is important that the cgi-bin executables be setgid and have the mailman group, that scripts/mailman have the mailman group, and that the Mailman writable data (archives, data, lists, messages, qfiles, spam) have the mailman group.
It also does matter that the user and group have privileges only in Mailman file hierarchies, that there be no other members of the group (except possibly an admin's account, but I consider that an unnecessary risk) and that the name be used appropriately in any application that setuids or setgids to manipulate Mailman data (ISTR there may be some MTA that does).
Bottom line: If I were you, I'd make sure that the mailman group and user are set up properly, and then do "chown root:mailman /usr/local/mailman" (root because I suppose Debian has a reason for doing that ;-).
On September 15, 2015 9:45:27 AM PDT, Tom Browder <tom.browder@gmail.com> wrote:
On Tue, Sep 15, 2015 at 11:30 AM, Stephen J. Turnbull <stephen@xemacs.org> wrote:
If you have Mailman-Postfix integration, you don't want to set the owner of Mailman's data/aliases.db to root.
Mailman's bin/check_perms is the safer way to fix ownership and permissions.
-- Mark Sapiro <mark@msapiro.net> Sent from my Not_an_iThing with standards compliant, open source software.
On Tue, Sep 15, 2015 at 11:58 AM, Mark Sapiro <mark@msapiro.net> wrote: ...
If you have Mailman-Postfix integration, you don't want to set the owner of Mailman's data/aliases.db to root.
Mailman's bin/check_perms is the safer way to fix ownership and permissions.
Ah I forgot about that. Thanks, Mark.
-Tom
Mark Sapiro writes:
Mailman's bin/check_perms is the safer way to fix ownership and permissions.
Oops, yeah, that's the simplest way to get things consistent. Thanks for the followup!
participants (3)
-
Mark Sapiro -
Stephen J. Turnbull -
Tom Browder