On 7/24/19 1:59 PM, Robert Kudyba wrote:
> I’m getting somewhere here. First Apache httpd runs as user:apache:

Right.

> Now I see these files, and look at the owner:
> ls -lt /var/lib/mailman/lists/mailman/
> total 184
> -rw-rw---- 1 apache mailman 4352 Jul 24 16:55 config.pck
> -rw-rw---- 1 apache mailman 4352 Jul 24 16:55 config.pck.last
> -rw-rw---- 1 apache mailman 22949 Jul 24 16:54 request.pck
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:51 config.pck.tmp.dsm.dsm.fordham.edu.5850
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:47 config.pck.tmp.dsm.dsm.fordham.edu.5342
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:46 config.pck.tmp.dsm.dsm.fordham.edu.5002
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:38 config.pck.tmp.dsm.dsm.fordham.edu.3609
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:34 config.pck.tmp.dsm.dsm.fordham.edu.2986
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:32 config.pck.tmp.dsm.dsm.fordham.edu.2727
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 13:41 config.pck.tmp.dsm.dsm.fordham.edu.5113
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:58 config.pck.tmp.dsm.dsm.fordham.edu.22328
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:40 config.pck.tmp.dsm.dsm.fordham.edu.19790
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:29 config.pck.tmp.dsm.dsm.fordham.edu.13505
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:25 config.pck.tmp.dsm.dsm.fordham.edu.15335
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:23 config.pck.tmp.dsm.dsm.fordham.edu.14826
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:23 config.pck.tmp.dsm.dsm.fordham.edu.14771
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 10:03 config.pck.tmp.dsm.dsm.fordham.edu.22176
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 10:01 config.pck.tmp.dsm.dsm.fordham.edu.22179
> -rw-rw-rw- 1 mailman mailman 3122 Jul 24 10:01 pending.pck
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 09:00 config.pck.tmp.dsm.dsm.fordham.edu.6326
> -rw-rw-rw- 1 mailman mailman 4350 Jul 24 09:00 config.pck.tmp.dsm.dsm.fordham.edu.6329
> -rw-rw-rw- 1 mailman mailman 2438 Jul 23 08:51 digest.mbox
>
> Whenever I am in the admin page the 1st 3 files get changed to user:apache.

This is all as it should be.

Note that all the config.pck.tmp.dsm.dsm.fordham.edu.pppp files are left from when the linking of config.pck to config.pck.last failed as described at <https://mail.python.org/pipermail/mailman-users/2019-July/084590.html>. They can be removed.

The owner of these files doesn't matter. It is the mailman group that matters. When apache saves a list, it is running as user:group apache:mailman. This is how the files get created. It is the mailman group and its permissions that allow this.

When a qrunner saves a list it is running as mailman:mailman and the created files have that user:group. When a web CGI saves a list it is running as apache:mailman and the created files have that user:group. This is all expected and it is the group permissions that allow the operations.

> Is there perhaps something in the .service file that I need to change?
> cat /usr/lib/systemd/system/mailman.service
> [Unit]
> Description=GNU Mailing List Manager
> After=syslog.target network.target
>
> [Service]
> ExecStartPre=/usr/lib/mailman/bin/mailman-update-cfg

Ask RedHat about this one.

> ExecStartPre=/usr/bin/install -m644 -o mailman -g mailman /usr/lib/mailman/cron/crontab.in /etc/cron.d/mailman

This is also a RedHat thing.

> ExecStartPre=/bin/touch /var/log/mailman/error
> ExecStartPre=/bin/chown mailman:mailman /var/log/mailman/error
> ExecStartPre=/bin/chmod 666 /var/log/mailman/error

The above should not be necessary at all.

> ExecStart=/usr/lib/mailman/bin/mailmanctl -s start
> ExecReload=/usr/lib/mailman/bin/mailmanctl restart
> ExecStop=/usr/lib/mailman/bin/mailman-update-cfg
> ExecStop=/usr/lib/mailman/bin/mailmanctl stop
> ExecStop=/bin/sh -c 'echo -e "# DO NOT EDIT THIS FILE!\n#\n# Contents of this file managed by /etc/init.d/mailman\n# Master copy is /usr/lib/mailman/cron/crontab.in" > /etc/cron.d/mailman'
> Type=forking
>
> [Install]
> WantedBy=multi-user.target
>
> Does the user NEED to be the same as who Apache runs as?

No. The group has to be mailman. The user is irrelevant.

-- 
Mark Sapiro <[email protected]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
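
The rule stated in the reply above (the group and its permissions matter, the owning user does not) can be checked mechanically. The following is an added example, not part of the original message and not Mailman's own code; the function name `audit_list_dir` and the temp-file pattern, derived from the names in the quoted listing, are assumptions.

```python
import os
import re
import stat
import sys

# Assumed pattern for leftover save files, based on the names in the listing:
# config.pck.tmp.<hostname>.<pid>
STALE_TMP = re.compile(r"^config\.pck\.tmp\..+\.\d+$")

def audit_list_dir(path, gid):
    """Check one list directory: files must belong to group `gid` with group rw.
    The owning user is deliberately ignored (apache and mailman are both fine)."""
    report = {"wrong_group": [], "group_not_rw": [],
              "other_writable": [], "stale_tmp": []}
    need = stat.S_IRGRP | stat.S_IWGRP
    for name in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, name))
        if not stat.S_ISREG(st.st_mode):
            continue  # only regular files are checked here
        if STALE_TMP.match(name):
            # Reported only, never deleted: a save in progress also has one.
            report["stale_tmp"].append(name)
            continue
        if st.st_gid != gid:
            report["wrong_group"].append(name)
        if st.st_mode & need != need:
            report["group_not_rw"].append(name)
        if st.st_mode & stat.S_IWOTH:
            # Access is granted through the group, so this bit is not needed.
            report["other_writable"].append(name)
    return report

if __name__ == "__main__":
    import grp
    list_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/mailman/lists/mailman"
    group = sys.argv[2] if len(sys.argv) > 2 else "mailman"
    result = audit_list_dir(list_dir, grp.getgrnam(group).gr_gid)
    for key, names in result.items():
        print(f"{key}: {', '.join(names) or 'none'}")
    # Only the two conditions that break saving a list count as failures.
    sys.exit(1 if result["wrong_group"] or result["group_not_rw"] else 0)
```

Run against the directory in the quoted listing, this would list the `config.pck.tmp.*` files under `stale_tmp` and the mode 666 files under `other_writable`.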
