Bill Honneus (honneus) wrote:
Hi,

I'm a little confused about something regarding setting up Mailman to
run using Sendmail.  The following are instructions for how to create
the mailman user.  My first question is, why is the user created with no
shell and no home?  The documentation does not explain the reason why
this is needed.

% groupadd mailman
% useradd -c 'GNU Mailman' -s /no/shell -d /no/home -g mailman mailman


This is a standard security tactic for user accounts that are there for the sole purpose of running daemon processes. It helps prevent an attacker from usurping control under that user name.

I would seriously suggest following the convention as it is an added layer of protection against malicious access.

Second, in Ed Greenberg's workaround for integrating with Sendmail
without mm-handler (I am doing this b/c I need to run with both
maillists and individual users), the following instructions are given.

5. As mailman, run /home/mailman/bin/genaliases
Check for a file /home/mailman/data/aliases and
also TWO files /etc/mailman.aliases and /etc/mailman.aliases.db

6. Test creating a list using /home/mailman/bin/newlist
Check for the appearance of aliases for that list in
/etc/mailman.aliases
Add some users and test the list

First, I don't see how to login or sudo as mailman if the user is set up
without a shell.  Second, both steps refer to a home directory that does
not exist if the user is set up with no home.  In other words, the
instructions seem to contradict the basic instruction for how to set up
the mailman user.

Please help me better understand what is needed here.

Well, you are correct, you can't sudo if there is no shell for the user you want to impersonate. But that is irrelevant here as there is no need to do so (see next paragraph). Based on what you quote above, it seems to me that he has installed his mailman distribution in the /home/mailman directory. The default installation directory for a source install is /usr/local/mailman; some packaged versions are put in other places by the distribution authors.

Now you really do not need to sudo as the mailman user. All you need to do is be a member of the mailman group. You should add yourself to the mailman group you would have created during setup and then you will be able to execute the scripts. This is predicated on all of the scripts having proper permissions so you would have had to run the bin/check_perms script with the -f option until you received no errors (run it as root when you do that).



Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
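
One way to verify the account setup discussed in this thread, as an added example that is not part of the original messages or of Mailman itself: it reads passwd(5) and group(5) format files and reports whether a daemon account has a usable login shell and whether an administrator is listed in its group. The function names, the `listd` account and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a daemon account in passwd(5)/group(5) format files.
# File paths are parameters, so it can be pointed at /etc/passwd and /etc/group.

# Print field $3 of account $1's entry in passwd-format file $2.
passwd_field() { awk -F: -v u="$1" -v f="$3" '$1 == u { print $f }' "$2"; }

# Succeed if shell path $1 cannot provide a login session.
shell_is_nologin() {
    case "$1" in
        '') return 1 ;;                 # an empty field means the default, /bin/sh
        */nologin|*/false) return 0 ;;
    esac
    [ ! -x "$1" ]                       # e.g. /no/shell: nothing to execute
}

# Succeed if user $1 is a listed (supplementary) member of group $2 in file $3.
# Primary-group membership via the passwd GID field is not checked here.
in_group() {
    awk -F: -v u="$1" -v g="$2" '$1 == g {
        n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1
    } END { exit !ok }' "$3"
}

# Report on daemon account $1 (passwd file $2); return 0 only if it has no login shell.
audit_daemon_account() {
    grep -q "^$1:" "$2" || { echo "$1: no such account"; return 2; }
    shell=$(passwd_field "$1" "$2" 7)
    home=$(passwd_field "$1" "$2" 6)
    [ -d "$home" ] || echo "$1: home $home does not exist"
    if shell_is_nologin "$shell"; then
        echo "$1: no usable login shell ($shell)"
    else
        echo "$1: FINDING: login shell '$shell' is usable"; return 1
    fi
}

# Constructed sample data: "mailman" as the quoted useradd creates it, "listd" misconfigured.
tmp=$(mktemp -d)
printf '%s\n' 'mailman:x:501:501:GNU Mailman:/no/home:/no/shell' \
              'listd:x:502:501:constructed bad example:/home/listd:/bin/sh' > "$tmp/passwd"
printf '%s\n' 'mailman:x:501:bill' > "$tmp/group"

audit_daemon_account mailman "$tmp/passwd" || true
audit_daemon_account listd "$tmp/passwd" || true
in_group bill mailman "$tmp/group" && echo "bill: member of group mailman"
```
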

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users