Hi Mark,
thanks for your response.
On 9/23/19 1:29 AM, Mark Sapiro wrote:
On 9/22/19 2:11 AM, Tobias Hachmer via Mailman-users wrote:
Now, running the scheduled tasks (which run from user+group "nginx") for django I ran into permission problems, because the nginx user can't access/write to the needed files in /opt/mailman3/core/...
I would appreciate any hints how to run the different peaces of mailman3 with the correct user/groups/permissions.
Set up everything as user:group mailman3:mailman3. I.e.,
chown -R mailman3:mailman3 /opt/mailman3/web
and set the uwsgi service to drop privileges to user+group "mailman3".
So simple, now the scheduled tasks are working, but the whole web service did not work because the web server user nginx can't access and write to the uwsgi socket anymore /opt/mailman3/web/project/run/uwsgi.sock.
# chown -R nginx:mailman3 /opt/mailman3/web
This works for all. But isn't it a security risk that e.g. manage.py and settings.py is read- and writeable by the webserver?
Regards, Tobias