under which uid should uwsgi/manage.py run?
My current setup has
    uid = www
    gid = www
in uwsgi.ini
For DB access, I’m using client certs, where the key is only readable for owner, so I have 2 cert locations. One is configured in settings per OPTIONS in DATABASES. The other uses the default location .postgresql under the mailman home.
Looking at var, I see:
(mailman_33) [root@lists5 /usr/local/mailman3/var]# ls -l
total 46
drwxr-xr-x   2 mailman  www   2 13 Jan. 17:32 archives
drwxr-xr-x   2 mailman  www   2 13 Jan. 17:32 cache
drwxr-xr-x   2 mailman  www   2 13 Jan. 17:32 data
drwxr-xr-x   2 root     www   4 13 Jan. 17:32 etc
drwxr-xr-x   3 mailman  www   3 13 Jan. 22:22 lists
drwxr-xr-x   2 mailman  www   4 14 Jan. 10:02 locks
drwxr-xr-x   2 mailman  www   7 13 Jan. 17:32 logs
-rw-rw----   1 mailman  www   6 13 Jan. 17:32 master.pid
drwxr-xr-x   2 mailman  www   2 13 Jan. 17:32 messages
drwxr-xr-x  14 mailman  www  14 13 Jan. 17:32 queue
drwxr-xr-x   2 mailman  www   2 13 Jan. 17:32 templates
I could allow write access for group www, but I suspect other problems.
What is the recommended setting?
Axel
PGP-Key: CDE74120 ☀ computing @ chaos claudius
On 14/1/22 11:44, Axel Rau wrote:
> My current setup has
> uid = www
> gid = www
> in uwsgi.ini
Hi Axel. I'm running mailman3 in Fbsd too. I have the same uid and gid in uwsgi.ini (www).
But I see differences in owner in the files under ../var. These are mine:
/usr/local/mailman3/var # ls -la
total 292
drwxr-xr-x   12 mailman  mailman     512 Jan 14 06:39 .
drwxr-xr-x   10 mailman  mailman    1536 Jan 14 10:53 ..
drwxr-xr-x    3 mailman  mailman     512 Dec 24  2020 archives
drwxr-xr-x    2 mailman  mailman     512 Dec 23  2020 cache
drwxr-xr-x    2 mailman  mailman     512 Jan 14 06:39 data
drwxr-xr-x    2 mailman  mailman     512 Dec 20  2020 etc
drwxr-xr-x   21 mailman  mailman    1024 Jul  8  2021 lists
drwxr-xr-x    2 mailman  mailman     512 Jan 14 12:39 locks
drwxr-xr-x    2 mailman  mailman     512 Dec 23  2020 logs
-rw-rw----    1 mailman  mailman       5 Jan 14 06:39 master.pid
drwxr-xr-x  950 mailman  mailman   11776 Dec 15 17:08 messages
-rw-rw----    1 mailman  mailman  236797 Jan 12 21:03 public_suffix_list.dat
drwxr-xr-x   14 mailman  mailman     512 Dec 23  2020 queue
drwxr-xr-x    3 mailman  mailman     512 Dec 24  2020 templates
I've read your mail about your installation and I did it differently. I followed the steps that I detailed in https://forums.freebsd.org/threads/mailman-3.61050/#post-488128
Thus I don't know if it can help, but I know for sure that I don't like that your ../var/etc dir is owned by root.
Hi Guillermo,
thanks for your reply.
On 14.01.2022 at 12:51, Guillermo Hernandez (Oldno7) via Mailman-users <mailman-users@mailman3.org> wrote:
> . . .
> drwxr-xr-x 21 mailman mailman 1024 Jul 8 2021 lists
How are new lists created by the web frontend with uid www? I like your approach, but must resolve my pgsql cert access issue.
> I've read your mail about your installation and I did it differently. I followed the steps that I detailed in https://forums.freebsd.org/threads/mailman-3.61050/#post-488128
I followed the same, but had trouble with the recent cryptography python package. I’m now at Python3.9.
> Thus I don't know if it can help, but I know for sure that I don't like that your ../var/etc dir is owned by root.
I have changed that to mailman.
Axel
PGP-Key: CDE74120 ☀ computing @ chaos claudius
On 14/1/22 18:16, Axel Rau wrote:
> Hi Guillermo,
> thanks for your reply.
> On 14.01.2022 at 12:51, Guillermo Hernandez (Oldno7) via Mailman-users <mailman-users@mailman3.org> wrote:
>> . . .
>> drwxr-xr-x 21 mailman mailman 1024 Jul 8 2021 lists
> How are new lists created by the web frontend with uid www?
That's because it is not "www" who is doing that work (I suspect). In my apache24 httpd.conf file I have these lines:
#####
LoadModule wsgi_module "/usr/local/lib/python3.7/site-packages/mod_wsgi/server/mod_wsgi-py37.so"
WSGIPythonHome "/usr/local"
WSGIDaemonProcess hyperkitty threads=25 python-path=/usr/local/mailman3 user=mailman3 group=mailman
WSGIProcessGroup hyperkitty
####
In the httpd-vhosts.conf I have all the Alias directives and, related to this, these lines:
WSGIScriptAlias /mailman3 /usr/local/mailman3/wsgi.py process-group=hyperkitty
WSGIScriptAlias /hyperkitty /usr/local/mailman3/wsgi.py process-group=hyperkitty
WSGIScriptAlias /postorius /usr/local/mailman3/wsgi.py process-group=hyperkitty
WSGIScriptAlias /archives /usr/local/mailman3/wsgi.py process-group=hyperkitty
<Directory "/usr/local/mailman3">
    <Files wsgi.py>
        Require all granted
    </Files>
    WSGIProcessGroup hyperkitty
</Directory>
#####
I believe that you can be suffering from a mixup of configuration files (at least the ownership that has to be mailman).
On 1/14/22 2:44 AM, Axel Rau wrote:
> What is the recommended setting?
All Mailman processes including Mailman core's runners and all Postorius, HyperKitty Django processes and Django management commands should run as the Mailman user.
If things have been run as another user, particularly root, some files or directories may have been created that are not accessible by the Mailman user. This should be fixed by adjusting the ownership of those things.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
On 14.01.2022 at 18:11, Mark Sapiro <mark@msapiro.net> wrote:
> All Mailman processes including Mailman core's runners and all Postorius, HyperKitty Django processes and Django management commands should run as the Mailman user.
Including the uwsgi processes? I.e. uid=mailman gid=mailman in uwsgi.ini?
Axel
PGP-Key: CDE74120 ☀ computing @ chaos claudius
On 1/14/22 9:17 AM, Axel Rau wrote:
> On 14.01.2022 at 18:11, Mark Sapiro <mark@msapiro.net> wrote:
>> All Mailman processes including Mailman core's runners and all Postorius, HyperKitty Django processes and Django management commands should run as the Mailman user.
> Including the uwsgi processes? I.e. uid=mailman gid=mailman in uwsgi.ini?
Yes, that's how Django and hence Postorius and HyperKitty are run.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
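Added example, not part of the thread or of Mailman: a small POSIX shell audit for the recommendation above, checking that uwsgi.ini sets uid/gid to the Mailman account and that nothing under var is owned by another user (for instance after a command was run as root). The function names and the uwsgi.ini path are assumptions; /usr/local/mailman3/var is the directory shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): check that uwsgi and Mailman's var
# tree agree on the one account that all Mailman processes run as.

# Print the value of KEY from a "key = value" line in a uwsgi ini file.
ini_value() {  # usage: ini_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:];#]*\).*/\1/p" "$1" |
        tail -n 1
}

# List every path under DIR whose owner is not USER (name or numeric uid).
foreign_owned() {  # usage: foreign_owned DIR USER
    find "$1" ! -user "$2" -print
}

# Return 0 only if uwsgi.ini sets uid/gid to USER/GROUP and every path
# under VAR_DIR is owned by USER; print each mismatch otherwise.
audit_mailman() {  # usage: audit_mailman UWSGI_INI VAR_DIR USER GROUP
    rc=0
    for pair in "uid:$3" "gid:$4"; do
        key=${pair%%:*}
        want=${pair#*:}
        have=$(ini_value "$1" "$key")
        if [ "$have" != "$want" ]; then
            echo "$1: $key = ${have:-<unset>}, expected $want"
            rc=1
        fi
    done
    bad=$(foreign_owned "$2" "$3")
    if [ -n "$bad" ]; then
        echo "not owned by $3:"
        echo "$bad"
        rc=1
    fi
    return "$rc"
}

# Example call; the uwsgi.ini path is a placeholder, the thread does not give it:
#   audit_mailman /path/to/uwsgi.ini /usr/local/mailman3/var mailman mailman
if [ "$#" -eq 4 ]; then
    audit_mailman "$@"
fi
```

Run it as root so that find can descend into every directory; a non-zero exit status means at least one mismatch was printed.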
participants (4)
- Axel Rau
- Axel Rau
- Guillermo Hernandez (Oldno7)
- Mark Sapiro