[Mailman-Users] how to run mailman scripts beside being root?
dragon at crimson-dragon.com
Tue May 30 19:58:44 CEST 2006
Jana Nguyen sent the message below at 10:39 5/30/2006:
>I am running other applications that needs to invoke mailman to create a
>new list and add a member to the list
>by calling "newlist" and "add_memebers" as user "tomcat".
>I have mailman setup with ownership "root" and group "mailman". So how
>do I make mailman scripts "newlist" and "add_members" so
>it can be run as user tomcat? Although the permissions on these scripts
>are 755 it doesn't allow other user beside root to create a new list
>or add a member to the list.
---------------- End original message. ---------------------
First thing I will point out is that running anything as root is a
bad idea unless you absolutely need root access. I would suggest
creating a user named mailman with no shell access and using that as
the owner instead. This is a pretty important thing for security,
root access can have very serious implications and may allow an
attacker to gain control of your server.
The real problem you are having here is tied to the permissions on
the list directory you are trying to access. This being the critical
information in the trace back:
OSError: [Errno 13] Permission denied: '/usr/local/mailman/lists/jtest11'
In order to get things to work the way you want, the user tomcat must
be made a member of the mailman group. All of the scripts should be
configured as set_gid, and the list configuration files and
associated directories should be group writable. If they aren't, you
should run bin/fix_perms -f to configure the permissions correctly.
But before you do that, I would very seriously recommend that you
rebuild and reinstall your mailman installation so it is not owned by
root before somebody trashes your machine.
Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
More information about the Mailman-Users