On 04.11.24 09:13, Odhiambo Washington via Mailman-users wrote:
On Mon, Nov 4, 2024 at 10:34 AM Gerald Vogt <vogt@spamcop.net> wrote:
On your server it looks like this:
# ls -la /etc/mailman3
total 28
drwxr-xr-x.  2 root mailman   95 Oct 25 08:12 .
drwxr-xr-x. 99 root root    8192 Oct 29 07:42 ..
-rw-r--r--.  1 root mailman  266 Oct 25 07:37 gunicorn.conf
-rw-r-----.  1 root mailman   92 Nov 21  2023 mailman-hyperkitty.cfg
-rw-r-----.  1 root mailman  797 Sep  9 11:20 mailman.cfg
-rw-r-----.  1 root mailman 3015 Oct 25 08:12 settings.py
and it works just fine.
True, but making the mailman user own the files makes life easier when you operate from the virtualenv - you do not have to exit the virtualenv to edit the files in /etc/mailman3, and then re-enter the virtualenv.
The virtualenv doesn't change the current uid. That doesn't make a difference.
You do not have to give the mailman user sudoer rights. That's the whole point about the below:
sudo mkdir /etc/mailman3
sudo chown mailman:mailman /etc/mailman3
sudo chmod 755 /etc/mailman3
Well, that essentially was my question: why does the mailman user require sudo rights? Why does it need to be able to write or change those files/directories? Except for the convenience which isn't a reason to weaken security.
In respect to security, i.e. separation of the service user from write access to its core configuration files, it should not be done unless absolutely necessary. I haven't seen a reason, yet, and our server runs just fine. That's why I am asking.
Thanks,
Gerald
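
The separation discussed in this message can be checked mechanically. The script below is an added example, not part of the original thread or of Mailman: it reports every entry in the configuration directory, and the directory itself, that the service account could modify. The default user name "mailman" and path /etc/mailman3 are assumptions taken from the thread, and only POSIX mode bits are read (no ACLs or SELinux policy).

```python
import os
import pwd
import stat
import sys


def finding(st, uid, gids):
    """Why the account (uid, gids) can alter this inode, or None if it cannot."""
    if st.st_uid == uid:
        # The owner can always chmod the file back to writable.
        return "owned by service account"
    if st.st_gid in gids and st.st_mode & stat.S_IWGRP:
        return "group-writable via a group of the service account"
    if st.st_mode & stat.S_IWOTH:
        return "world-writable"
    return None


def audit(conf_dir, uid, gids):
    """Check the directory itself and each entry in it; return [(path, reason)]."""
    # The directory matters too: write access to it allows replacing
    # a read-only file by renaming a new one over it.
    entries = sorted(os.path.join(conf_dir, n) for n in os.listdir(conf_dir))
    results = []
    for path in [conf_dir] + entries:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # link modes are meaningless; audit the target separately
        reason = finding(st, uid, gids)
        if reason:
            results.append((path, reason))
    return results


if __name__ == "__main__":
    # Defaults are assumptions taken from the thread, not Mailman requirements.
    user = sys.argv[1] if len(sys.argv) > 1 else "mailman"
    conf_dir = sys.argv[2] if len(sys.argv) > 2 else "/etc/mailman3"
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    hits = audit(conf_dir, pw.pw_uid, gids)
    for path, reason in hits:
        print(f"{path}: {reason}")
    sys.exit(1 if hits else 0)
```

With the root:mailman layout from the listing above, the script prints nothing and exits 0; after the chown mailman:mailman step it reports the directory itself.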