[Mailman-Users] how to run mailman scripts beside being root?

Jana Nguyen jnguyen at ncmir.ucsd.edu
Tue May 30 22:16:24 CEST 2006


Dragon wrote:

> Jana Nguyen sent the message below at 10:39 5/30/2006:
>
>> I am running other applications that need to invoke mailman to create a
>> new list and add a member to the list
>> by calling "newlist" and "add_members" as user "tomcat".
>>
>> I have mailman setup with ownership "root" and group "mailman".  So how
>> do I make mailman scripts "newlist" and "add_members" so
>> it can be run as user tomcat?  Although the permissions on these scripts
>> are 755, it doesn't allow other users besides root to create a new list
>> or add a member to the list.
>
> ---------------- End original message. ---------------------
>
> First thing I will point out is that running anything as root is a bad 
> idea unless you absolutely need root access. I would suggest creating 
> a user named mailman with no shell access and using that as the owner 
> instead. This is a pretty important thing for security; root access 
> can have very serious implications and may allow an attacker to gain 
> control of your server.
>
>
> The real problem you are having here is tied to the permissions on the 
> list directory you are trying to access. This being the critical 
> information in the trace back:
>
> OSError: [Errno 13] Permission denied: '/usr/local/mailman/lists/jtest11'
>
>
> In order to get things to work the way you want, the user tomcat must 
> be made a member of the mailman group.

I added user tomcat to mailman group in /etc/group

> All of the scripts should be configured as set_gid,

How can I configure the scripts as set_gid?  This does not seem to be on
the list of configuration options which mailman doc described.

> and the list configuration files and associated directories should be 
> group writable. If they aren't, you should run bin/fix_perms -f to 
> configure the permissions correctly.

I don't have bin/fix_perms script.  I'm running mailman 2.1.  So I
manually chmod 775 to lists dir.

Thanks!

>
> But before you do that, I would very seriously recommend that you 
> rebuild and reinstall your mailman installation so it is not owned by 
> root before somebody trashes your machine.
>
>
> Dragon
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
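
The group-permission setup discussed in this thread can be checked without changing anything on disk. The script below is an added example, not part of the original messages and not Mailman's own code: it reports whether a user is in the shared group and whether a list tree is group-owned, setgid on its directories and group-writable. The function names and the world-writable check are assumptions of this example; tomcat, mailman and /usr/local/mailman/lists are the values from the thread.

```shell
#!/bin/sh
# Added example: read-only audit of group permissions on a Mailman list tree.
# Function names are this example's own; nothing on disk is modified.

# user_in_group USER GROUP: succeeds if `id` lists GROUP for USER.
# A process that was already running keeps the groups it started with,
# so a service has to be restarted after its user is added to a group.
user_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$2"
}

# audit_tree DIR GROUP: prints "reason<TAB>path" for every finding.
# Returns 0 when DIR is clean, 1 when anything was reported.
audit_tree() {
    dir=$1
    group=$2
    findings=$(
        # Entries outside the shared group are not reachable via group bits.
        find "$dir" ! -group "$group" -exec printf 'wrong-group\t%s\n' {} \; ||
            printf 'audit-error\tfind failed: check group %s and path access\n' "$group"
        # Without setgid, new entries on Linux get the creator's primary group.
        find "$dir" -type d ! -perm -2000 -exec printf 'dir-not-setgid\t%s\n' {} \;
        # Group members must be able to write list files and directories.
        find "$dir" ! -type l ! -perm -0020 -exec printf 'not-group-writable\t%s\n' {} \;
        # Assumption of this example: world-writable is never wanted here.
        find "$dir" ! -type l -perm -0002 -exec printf 'world-writable\t%s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use, with the values from the thread:
#   sh audit.sh tomcat mailman /usr/local/mailman/lists
if [ "$#" -eq 3 ]; then
    user_in_group "$1" "$2" || printf 'not-in-group\t%s\n' "$1"
    audit_tree "$3" "$2"
fi
```

Mailman 2.1 ships bin/check_perms, which runs the project's own permission check and repairs what it finds when given -f.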




