[Mailman-Users] how to run mailman scripts beside being root?

[Dragon]

Jana Nguyen sent the message below at 10:39 5/30/2006:
>I am running other applications that needs to invoke mailman to create a
>new list and add a member to the list
>by calling "newlist" and "add_memebers" as user "tomcat".
>
>I have mailman setup with ownership "root" and group "mailman".  So how
>do I make mailman scripts "newlist" and "add_members" so
>it can be run as user tomcat?  Although the permissions on these scripts
>are 755 it doesn't allow other user beside root to create a new list
>or add a member to the list.
---------------- End original message. ---------------------

First thing I will point out is that running anything as root is a 
bad idea unless you absolutely need root access. I would suggest 
creating a user named mailman with no shell access and using that as 
the owner instead. This is a pretty important thing for security, 
root access can have very serious implications and may allow an 
attacker to gain control of your server.


The real problem you are having here is tied to the permissions on 
the list directory you are trying to access. This being the critical 
information in the trace back:

OSError: [Errno 13] Permission denied: '/usr/local/mailman/lists/jtest11'


In order to get things to work the way you want, the user tomcat must 
be made a member of the mailman group. All of the scripts should be 
configured as set_gid, and the list configuration files and 
associated directories should be group writable. If they aren't, you 
should run bin/fix_perms -f to configure the permissions correctly.

But before you do that, I would very seriously recommend that you 
rebuild and reinstall your mailman installation so it is not owned by 
root before somebody trashes your machine.


Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~