[Mailman-Users] how to run mailman scripts beside being root?
jnguyen at ncmir.ucsd.edu
Tue May 30 22:16:24 CEST 2006
> Jana Nguyen sent the message below at 10:39 5/30/2006:
>> I am running other applications that need to invoke mailman to create a
>> new list and add a member to the list
>> by calling "newlist" and "add_members" as user "tomcat".
>> I have mailman set up with ownership "root" and group "mailman". So how
>> do I make the mailman scripts "newlist" and "add_members" so
>> they can be run as user tomcat? Although the permissions on these scripts
>> are 755, it doesn't allow users besides root to create a new list
>> or add a member to the list.
> ---------------- End original message. ---------------------
> First thing I will point out is that running anything as root is a bad
> idea unless you absolutely need root access. I would suggest creating
> a user named mailman with no shell access and using that as the owner
> instead. This is a pretty important thing for security; root access
> can have very serious implications and may allow an attacker to gain
> control of your server.
> The real problem you are having here is tied to the permissions on the
> list directory you are trying to access. This is the critical
> information in the traceback:
> OSError: [Errno 13] Permission denied: '/usr/local/mailman/lists/jtest11'
> In order to get things to work the way you want, the user tomcat must
> be made a member of the mailman group.
I added user tomcat to the mailman group in /etc/group.
> All of the scripts should be configured as set_gid,
How can I configure the scripts as set_gid? This does not seem to be on
the list of configuration options which the mailman doc describes.
> and the list configuration files and associated directories should be
> group writable. If they aren't, you should run bin/fix_perms -f to
> configure the permissions correctly.
I don't have the bin/fix_perms script. I'm running mailman 2.1. So I
manually ran chmod 775 on the lists dir.
> But before you do that, I would very seriously recommend that you
> rebuild and reinstall your mailman installation so it is not owned by
> root before somebody trashes your machine.
> Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
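
An added example, not part of the original message or of Mailman itself: a small audit of the conditions the quoted reply names (the invoking user is in the group, and everything under the lists directory is group-owned and group-writable). The function names are hypothetical, and the setgid check on directories is an assumption added here, on the basis that a setgid directory makes new files inherit its group.

```shell
#!/bin/sh
# Added example: audit group access to a Mailman lists tree.
# Function names are hypothetical; user, group and path come from the thread.

# Succeeds if USER is a member of GROUP according to the group database.
user_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# Print one finding per line for entries under DIR that would stop a
# member of GROUP from creating or updating lists. Prints nothing when clean.
audit_list_perms() {
    dir=$1 grp=$2
    # Entries whose group is not GROUP (cause of "Permission denied" for members).
    find "$dir" ! -group "$grp" -print | sed 's/^/wrong-group /'
    # Entries the group cannot write to (symlink modes are not meaningful).
    find "$dir" ! -type l ! -perm -020 -print | sed 's/^/not-group-writable /'
    # Assumption: directories should be setgid so new files inherit GROUP.
    find "$dir" -type d ! -perm -2000 -print | sed 's/^/no-setgid-dir /'
}

# Usage: sh audit.sh tomcat mailman /usr/local/mailman/lists
if [ "$#" -eq 3 ]; then
    if user_in_group "$1" "$2"; then
        echo "ok: $1 is in group $2"
    else
        echo "finding: $1 is not in group $2"
    fi
    audit_list_perms "$3" "$2"
fi
```

A process that was already running when the user was added to the group keeps its old group list until it is restarted, so the membership check reflects the group database rather than a live process.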