Dragon wrote:
> Jana Nguyen sent the message below at 10:39 5/30/2006:
>
>> I am running other applications that need to invoke mailman to create a
>> new list and add a member to the list
>> by calling "newlist" and "add_members" as user "tomcat".
>>
>> I have mailman set up with ownership "root" and group "mailman". So how
>> do I make mailman scripts "newlist" and "add_members" so
>> it can be run as user tomcat? Although the permissions on these scripts
>> are 755 it doesn't allow other users besides root to create a new list
>> or add a member to the list.
>
> ---------------- End original message. ---------------------
>
> First thing I will point out is that running anything as root is a bad
> idea unless you absolutely need root access. I would suggest creating
> a user named mailman with no shell access and using that as the owner
> instead. This is a pretty important thing for security, root access
> can have very serious implications and may allow an attacker to gain
> control of your server.
>
> The real problem you are having here is tied to the permissions on the
> list directory you are trying to access. This being the critical
> information in the traceback:
>
> OSError: [Errno 13] Permission denied: '/usr/local/mailman/lists/jtest11'
>
> In order to get things to work the way you want, the user tomcat must
> be made a member of the mailman group.

I added user tomcat to mailman group in /etc/group

> All of the scripts should be configured as set_gid,

How can I configure the scripts as set_gid? This does not seem to be on
the list of configuration options which mailman doc described.

> and the list configuration files and associated directories should be
> group writable. If they aren't, you should run bin/fix_perms -f to
> configure the permissions correctly.

I don't have bin/fix_perms script. I'm running mailman 2.1.
So I manually chmod 775 to lists dir.

Thanks!

> But before you do that, I would very seriously recommend that you
> rebuild and reinstall your mailman installation so it is not owned by
> root before somebody trashes your machine.
>
> Dragon
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
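
The permission conditions discussed in this thread (group membership for the calling user, group ownership and group write on the list files), as an added audit script that is not part of the original messages or of Mailman. The function names and finding labels are made up for this example, and the set-gid check on directories (so new files inherit the group) and the world-writable check are assumptions about what such a tree needs, not something stated in the thread.

```shell
#!/bin/sh
# Added example: read-only audit of a group-shared tree such as
# /usr/local/mailman/lists (path taken from the traceback in the thread).

# user_in_group USER GROUP -> exit 0 if USER is a member of GROUP.
# A process that is already running (for example Tomcat) only sees a new
# /etc/group entry after it has been restarted.
user_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$2"
}

# audit_tree DIR GROUP -> prints one line per finding, nothing when clean.
# Symbolic links are skipped: their own mode bits are not meaningful.
audit_tree() {
    dir=$1
    group=$2
    # Entries owned by another group: group members get only "other" rights.
    find "$dir" ! -type l ! -group "$group" \
        -exec printf 'WRONG-GROUP %s\n' {} \;
    # Entries the group cannot write (the Errno 13 case from the thread).
    find "$dir" ! -type l ! -perm -020 \
        -exec printf 'NOT-GROUP-WRITABLE %s\n' {} \;
    # Directories without set-gid: files created inside them take the
    # creator's primary group instead of the directory's group.
    find "$dir" -type d ! -perm -2000 \
        -exec printf 'NO-SETGID-DIR %s\n' {} \;
    # World-writable entries: wider than the group access being granted.
    find "$dir" ! -type l -perm -002 \
        -exec printf 'WORLD-WRITABLE %s\n' {} \;
}

# Usage: sh audit.sh /usr/local/mailman/lists mailman tomcat
if [ "$#" -eq 3 ]; then
    user_in_group "$3" "$2" || echo "NOT-MEMBER $3 is not in group $2"
    audit_tree "$1" "$2"
fi
```

With GNU chmod, a numeric mode such as 775 leaves an existing set-gid bit on a directory unchanged, so use `chmod g+s` or `chmod g-s` to change that bit explicitly.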
