On 04.11.24 09:13, Odhiambo Washington via Mailman-users wrote:
On Mon, Nov 4, 2024 at 10:34 AM Gerald Vogt <v...@spamcop.net> wrote:
On your server it looks like this:
# ls -la /etc/mailman3
total 28
drwxr-xr-x. 2 root mailman 95 Oct 25 08:12 .
drwxr-xr-x. 99 root root 8192 Oct 29 07:42 ..
-rw-r--r--. 1 root mailman 266 Oct 25 07:37 gunicorn.conf
-rw-r-----. 1 root mailman 92 Nov 21 2023 mailman-hyperkitty.cfg
-rw-r-----. 1 root mailman 797 Sep 9 11:20 mailman.cfg
-rw-r-----. 1 root mailman 3015 Oct 25 08:12 settings.py
and it works just fine.
True, but making the mailman user own the files makes life easier when you
operate from the virtualenv -
you do not have to exit the virtualenv to edit the files in /etc/mailman3,
and then re-enter the virtualenv.
The virtualenv doesn't change the current uid. That doesn't make a
difference.
You do not have to give the mailman user sudoer rights. That's the whole
point about the below:
```
sudo mkdir /etc/mailman3
sudo chown mailman:mailman /etc/mailman3
sudo chmod 755 /etc/mailman3
```
Well, that essentially was my question: why does the mailman user
require sudo rights? Why does it need to be able to write or change
those files/directories? Except for the convenience which isn't a reason
to weaken security.
In respect to security, i.e. separation of the service user from write
access to it's core configuration files, it should not be done unless
absolutely necessary. I haven't seen a reason, yet, and our server runs
just fine. That's why I am asking.
Thanks,
Gerald
_______________________________________________
Mailman-users mailing list -- mailman-users@mailman3.org
To unsubscribe send an email to mailman-users-le...@mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at:
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/QOK5ZTGZDBXI5YBWLIDLN7R4WINYKC7G/
This message sent to arch...@mail-archive.com