On 04.11.24 09:13, Odhiambo Washington via Mailman-users wrote:
On Mon, Nov 4, 2024 at 10:34 AM Gerald Vogt <v...@spamcop.net> wrote:
On your server it looks like this:

# ls -la /etc/mailman3
total 28
drwxr-xr-x.  2 root mailman   95 Oct 25 08:12 .
drwxr-xr-x. 99 root root    8192 Oct 29 07:42 ..
-rw-r--r--.  1 root mailman  266 Oct 25 07:37 gunicorn.conf
-rw-r-----.  1 root mailman   92 Nov 21  2023 mailman-hyperkitty.cfg
-rw-r-----.  1 root mailman  797 Sep  9 11:20 mailman.cfg
-rw-r-----.  1 root mailman 3015 Oct 25 08:12 settings.py

and it works just fine.


True, but making the mailman user own the files makes life easier when you
operate from the virtualenv -
you do not have to exit the virtualenv to edit the files in /etc/mailman3,
and then re-enter the virtualenv.

The virtualenv doesn't change the current uid. That doesn't make a difference.

You do not have to give the mailman user sudoer rights. That's the whole
point about the below:

```
sudo mkdir /etc/mailman3
sudo chown mailman:mailman /etc/mailman3
sudo chmod 755 /etc/mailman3
```

Well, that essentially was my question: why does the mailman user require sudo rights? Why does it need to be able to write or change those files/directories? Except for the convenience which isn't a reason to weaken security.

In respect to security, i.e. separation of the service user from write access to its core configuration files, it should not be done unless absolutely necessary. I haven't seen a reason, yet, and our server runs just fine. That's why I am asking.

Thanks,

Gerald
_______________________________________________
Mailman-users mailing list -- mailman-users@mailman3.org
To unsubscribe send an email to mailman-users-le...@mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at: 
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/QOK5ZTGZDBXI5YBWLIDLN7R4WINYKC7G/
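A check for the separation discussed in the message above, as an added example that is not part of the original thread or of Mailman: it reports every entry in a configuration directory that a given service account could modify. The function names are hypothetical, GNU `stat` is assumed, and only owner, group and mode bits are considered (no ACLs, no supplementary groups, no dotfiles).

```shell
#!/bin/sh
# Added example: audit a config directory for entries a service account can modify.
# Assumes GNU stat (Linux). audit_conf_dir and can_write are hypothetical names.

# can_write SVC_UID SVC_GID OWNER_UID OWNER_GID MODE
# Exit 0 if the service account can modify the entry.
can_write() {
    m=$((0$5))                        # octal mode string, e.g. 640
    if [ "$1" -eq "$3" ]; then
        return 0                      # an owner can always chmod the entry writable
    elif [ "$2" -eq "$4" ]; then
        [ $((m & 0020)) -ne 0 ]       # group write bit
    else
        [ $((m & 0002)) -ne 0 ]       # world write bit
    fi
}

# audit_conf_dir DIR SVC_UID SVC_GID
# Prints one line per finding; exit 0 only if there are none.
audit_conf_dir() {
    dir=$1 svc_uid=$2 svc_gid=$3 findings=0
    # The directory itself counts: write access to it allows replacing files.
    for entry in "$dir" "$dir"/*; do
        [ -e "$entry" ] || continue
        info=$(stat -c '%u %g %a' "$entry") || continue
        set -- $info
        if can_write "$svc_uid" "$svc_gid" "$1" "$2" "$3"; then
            echo "modifiable by uid $svc_uid: $entry (owner=$1 group=$2 mode=$3)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage on a real host (run as root or any user who can stat the entries):
#   audit_conf_dir /etc/mailman3 "$(id -u mailman)" "$(id -g mailman)"
```

With the root:mailman layout from the listing (directory 755, files 640) the audit prints nothing; after `chown mailman:mailman /etc/mailman3` the directory itself is reported.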
