[Mailman-Developers] Red Hat plans on moving an installation directory

John Dennis jdennis at redhat.com
Wed Sep 29 18:39:13 CEST 2004


Hi All:

I thought it would be valuable to communicate this to this group and if
it does not provoke any major outcries then to the mail-users group a
bit later.

For a long time our mailman RPMs have installed all of mailman under
/var/mailman (specifically both the prefix and with-var-prefix
parameters to configure were set to /var/mailman). This was a packaging
decision made before my tenure here and the rationale for the decision
seems to be lost. My personal belief is once a decision is made for
where files live in a distribution there is much value in keeping that
consistent as users develop expectations on where to find files.

However, we are in the process of trying to make Linux much more secure
and a major component of that strategy is the introduction of a
technology called SELinux (Secure Linux). SELinux has at its heart the
"labeling" of files which give fine grained control over what actions
specific processes operating in certain "roles" can do. To make this
viable there is a tremendous advantage to having files installed in
canonical locations (at a minimum conforming to the FHS, the Filesystem
Hierarchy Standard). 

The previous choice of installing all of mailman, including the scripts,
libraries, executables, and cgi-bin which need to be locked down and
restricted for process execution into a filesystem root (/var) which is
designated to contain variable application data which is not executed
was creating security policy problems.

We have made a choice to move the non-data components of mailman to
/usr/lib/mailman by changing the prefix configure parameter (the
with-var-prefix remains set to /var/mailman). This is closer to what
some of the other distributions do.

We intend to introduce this change in the Fedora Core 3 release and the
RHEL 4 release. 

Since there are a number of files that admins modify (config and
templates) and which the rpm installation process normally preserves on
upgrade they may get "burned" because the installer is not smart enough
to preserve those modified files across a new installation directory, or
may simply be confused on where to find files.

The installation directory change will appear in release notes and the
installation documentation (/usr/share/doc/mailman-*) however we all
know how much people read these things :-). So I thought this was a
valuable group to draw attention to this as it's certain to come up as an
issue at some point. Also, if you see some fundamentally flawed reason
why this is a bad change now is the time to raise your concerns before
we advance out of the beta period.

When the release goes live I will send mail to mailman-users and the Red
Hat portion of the FAQ should be amended.

Thanks!
-- 
John Dennis <jdennis at redhat.com>
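
A check for the upgrade hazard described in the message above, as an added example that is not part of the original post or of Red Hat's packaging. It lists admin-edited files still sitting under the old prefix that are missing or different under the new one. The default paths `Mailman/mm_cfg.py` and `templates` are assumptions based on Mailman 2's usual source layout, as is the assumption that files keep the same relative path under both prefixes.

```shell
#!/bin/sh
# Added example: find admin customizations left behind under the old prefix
# after the code tree moves (post: /var/mailman -> /usr/lib/mailman).
# Assumption: a file keeps the same relative path under the new prefix.

# stale_customizations OLD_PREFIX NEW_PREFIX [RELATIVE_PATH ...]
# Prints one line per affected file:
#   MISSING <rel>  the file exists only under the old prefix
#   DIFFERS <rel>  the file exists in both trees with different content
stale_customizations() {
    old=$1
    new=$2
    shift 2
    # Default to the areas the post says admins modify: config and templates.
    # (Path names are an assumption, taken from Mailman 2's usual layout.)
    [ $# -gt 0 ] || set -- Mailman/mm_cfg.py templates
    for rel in "$@"; do
        # Skip areas that never existed in the old tree.
        [ -e "$old/$rel" ] || continue
        find "$old/$rel" -type f | sort | while IFS= read -r f; do
            sub=${f#"$old"/}    # path relative to the old prefix
            if [ ! -f "$new/$sub" ]; then
                printf 'MISSING %s\n' "$sub"
            elif ! cmp -s "$f" "$new/$sub"; then
                printf 'DIFFERS %s\n' "$sub"
            fi
        done
    done
}

# Run directly as: sh check.sh /var/mailman /usr/lib/mailman
if [ $# -ge 2 ]; then
    stale_customizations "$@"
fi
```

A `DIFFERS` line is not necessarily a lost edit, since the packaged default may also have changed between versions, so review each reported file by hand before copying it across.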


