Adding members to a mailman3 mailing list
Greetings
I am testing mailman3 on Fedora Linux (32 and Rawhide). I installed it from the distribution's repositories and I am following the documentation at https://docs.mailman3.org/
I have created a mailing list on my instance but for I am unable to add members to it. Please, consider the following session:
COMMAND: sudo -u mailman mailman3 lists
OUTPUT: 1 matching mailing lists found: list@example.com
COMMAND: sudo -u mailman mailman3 members --add members.txt list@example.com
OUTPUT: usage: mailman members [OPTIONS] LISTSPEC Try 'mailman members -h' for help.
Error: Invalid value for '--add' / '-a': Could not open file: members.txt: Permission denied
When I try to use '-' instead of passing a file, I find no intuitive way to exit the standard input. What kind of permission is mailman expecting on the input file? I have tried changing ownership to the mailman user -- same output still. How does one use standard input to add members conclusively?
Much regards Onyeibo
On Wed, 14 Oct 2020 13:06:56 +0100 Onyeibo Oku <onyeibo@schemefusion.com> wrote:
When I try to use '-' instead of passing a file, I find no intuitive way to exit the standard input.
Figured this one out. CTRL+D concludes the standard input
What kind of permission is mailman expecting on the input file? I have tried changing ownership to the mailman user -- same output still.
This one is still a puzzle. Off to explore Postorius
Regards Onyeibo
On 10/14/20 5:06 AM, Onyeibo Oku wrote:
COMMAND: sudo -u mailman mailman3 members --add members.txt list@example.com
OUTPUT: usage: mailman members [OPTIONS] LISTSPEC Try 'mailman members -h' for help.
Error: Invalid value for '--add' / '-a': Could not open file: members.txt: Permission denied
Since you are running the command as user mailman, the file must be
readable by that user. Is it?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Wed, 14 Oct 2020 08:08:58 -0700 Mark Sapiro <mark@msapiro.net> wrote:
Since you are running the command as user
mailman, the file must be readable by that user. Is it?
ls -hl members.txt: -rw-rw-r--. 1 mailman mailman 78 Oct 14 16:15 members.txt
See file permissions and ownership above. Unless mailman3 expects a certain Selinux context.
-- Onyeibo
On 10/14/20 8:25 AM, Onyeibo Oku wrote:
See file permissions and ownership above. Unless mailman3 expects a certain Selinux context.
It could be a SeLinux issue. Mailman itself has nothing to do with SeLinux. It just tries to open the file for reading. This is all in your SeLinux configuration.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Wed, 14 Oct 2020 08:08:58 -0700 Mark Sapiro <mark@msapiro.net> wrote:
Since you are running the command as user
mailman, the file must be readable by that user. Is it?
This question inspired me to run mailman3 directly. It worked! However, I had to execute mailman3 from: /usr/libexec/mailman3/mailman
rather than: /usr/bin/mailman3 (or just, ... mailman3).
What is the recommended way to run mailman3 please?
On 10/14/20 8:45 AM, Onyeibo Oku wrote:
This question inspired me to run mailman3 directly. It worked! However, I had to execute mailman3 from: /usr/libexec/mailman3/mailman
rather than: /usr/bin/mailman3 (or just, ... mailman3).
What is the recommended way to run mailman3 please?
This is a Fedora Packaging question. I don't have an answer for that.
In my case, the mailman command I run invokes a bash file that looks like
#!/bin/bash
exec /opt/mailman/mm/venv/bin/mailman
-C "/opt/mailman/mm/mailman.cfg"
$@
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Wed, 14 Oct 2020 08:53:23 -0700 Mark Sapiro <mark@msapiro.net> wrote:
#!/bin/bash exec /opt/mailman/mm/venv/bin/mailman
-C "/opt/mailman/mm/mailman.cfg"
$@
Greetings Mark,
I gave up on setting up mailman using option #2 while following https://docs.mailman3.org/en/latest/install/install.html (there are lots of unknowns on that route. Certainly, the packagers are considering a lot of things that are not immediately apparent to users). Perhaps, we will see elaborate guides/docs soon.
In the meantime, I moved to option #3 (recommended for production). I hit a grey area when setting up the virtual environment. At https://docs.mailman3.org/en/latest/install/virtualenv.html#virtualenv-insta..., I see:
$ cd /opt/mailman $ python3 -m venv venv
The documentation imply that a 'user' creates the virtual environment but is not explicit about that 'user'.
OUTPUT: Error: [Errno 13] Permission denied: '/opt/mailman/venv'
This is expected. Which makes me wonder ... hmm, how did you do it?
(1) Is it better to have a dedicated user (say 'mailman') then use that while following the docs? I see a lot of docs referring to a 'mailman' user. Installing mailman3 from distribution repository introduced a 'mailman' user to my box (with special UID). There has to be reasons for that.
(2) Should the setup proceed with 'root'? (why do I get the feeling that this is not the design?)
(3) How about using an already existing local user? What are the implications?
Regards Onyeibo
On 10/15/20 2:07 AM, Onyeibo Oku wrote:
In the meantime, I moved to option #3 (recommended for production). I hit a grey area when setting up the virtual environment. At https://docs.mailman3.org/en/latest/install/virtualenv.html#virtualenv-insta..., I see:
$ cd /opt/mailman $ python3 -m venv venv
The documentation imply that a 'user' creates the virtual environment but is not explicit about that 'user'.
The user can be any user you want. I use mailman on my production
installations and mark on my development installation.
The key is that user should be set as owner of /opt/mailman and then creating the venv and subsequent steps are all done as that user.
(1) Is it better to have a dedicated user (say 'mailman') then use that while following the docs? I see a lot of docs referring to a 'mailman' user. Installing mailman3 from distribution repository introduced a 'mailman' user to my box (with special UID). There has to be reasons for that.
Yes, a dedicated Mailman user is best.
(2) Should the setup proceed with 'root'? (why do I get the feeling that this is not the design?)
No. setup should proceed as the Mailman user.
(3) How about using an already existing local user? What are the implications?
That's OK, but there are potential security implications due to the fact that the Mailman processes running as that user have access to all that user's non-mailman stuff.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro writes:
In my case, the
mailmancommand I run invokes a bash file that looks like#!/bin/bash exec /opt/mailman/mm/venv/bin/mailman
-C "/opt/mailman/mm/mailman.cfg"
$@
IIRC shell scripts have a race condition, although I don't recall the conditions under which it's exploitable. Perhaps SELinux is sensitive to that. I don't really see how we can take responsibility for such issues except to document it as one user's experience.
participants (3)
-
Mark Sapiro -
Onyeibo Oku -
Stephen J. Turnbull