[Mailman-Users] Permissions weirdness?
Brad Knowles
brad at stop.mail-abuse.org
Mon Jul 7 18:42:09 CEST 2003
At 12:27 AM -0500 2003/07/07, Ian Beyer wrote:
> Now, if I setuid root the postfix stuff, everything is peachy, but this
> isn't something I'm particularly keen on doing, for obvious reasons.
>
> I compiled mailman with --with-mail-gid set to the postfix gid, but the
> master postfix process runs as root.
>
> Can someone tell me what I screwed up here? Do I need to rebuild with
> - --with-mail-gid set to 0? that doesn't sound like something I want to do.
One of the things we've found with mailman is that it needs to
run as the "mail" group for your MTA (whatever that is), and it also
needs to run as the "web" group for your web server. If they don't
run as the same group, you've got a problem. If you've got one or
the other chroot'ed, this makes things even more "interesting".
We ended up building and installing two copies of mailman -- one
with the same group as our MTA (outside of the chroot), and one that
runs as the same group as our web server (inside the chroot). Pretty
much totally invalidates the purpose of the chroot, but we couldn't
get anything else to work.
We just make sure that the paths, etc... are set so that the
web-group version of mailman is what gets called by apache, and the
mail-group version of mailman is what gets called by postfix.
--
======================================================================
Brad Knowles, <brad at stop.mail-abuse.org>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
More information about the Mailman-Users
mailing list