[Mailman-Users] Integrating mailman with Sendmail
dragon at crimson-dragon.com
Thu May 1 17:13:40 CEST 2008
Bill Honneus (honneus) wrote:
>I'm a little confused about something regarding setting up Mailman to
>run using Sendmail. The following are instructions for how to create
>the mailman user. My first question is, why is the user created with no
>shell and no home? The documentation does not explain the reason why
>this is needed.
>% groupadd mailman
>% useradd -c''GNU Mailman'' -s /no/shell -d /no/home -g mailman mailman
This is a standard security tactic for user accounts that are there
for the sole purpose of running daemon processes. It helps prevent an
attacker from usurping control under that user name.
I would seriously suggest following the convention as it is an added
layer of protection against malicious access.
>Second, in Ed Greenbergs workaround for integrating with Sendmail
>without mm-handler (I am doing this b/c I need to run with both
>maillists and individual users), the following instructions are given.
>5. As mailman, run /home/mailman/bin/genaliases
>Check for a file /home/mailman/data/aliases and
>also TWO files /etc/mailman.aliases and /etc/mailman.aliases.db
>6. Test creating a list using /home/mailman/bin/newlist
>Check for the appearance of aliases for that list in
>Add some users and test the list
>First, I don't see how to login or sudo as mailman if the user is set up
>without a shell. Second, both steps refer to a home directory that does
>not exist if the user is set up with no home. In other words, the
>instructions seem to contradict the basic instruction for how to set up
>the mailman user.
>Please help me better understand what is needed here.
Well, you are correct, you can't sudo if there is no shell for the
user you want to impersonate. But that is irrelevant here as there is
no need to do so (see next paragraph). Based on what you quote above,
it seems to me that he has installed his mailman distribution in the
/home/mailman directory. The default installation directory for a
source install is /usr/local/mailman, some packaged versions are put
in other places by the distribution authors.
Now you really do not need to sudo as the mailman user. All you need
to do is be a member of the mailman group. You should add yourself to
the mailman group you would have created during setup and then you
will be able to execute the scripts. This is predicated on all of the
scripts having proper permissions so you would have had to run the
bin/check_perms script with the -f option until you received no
errors (run it as root when you do that).
Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
More information about the Mailman-Users