[Pkg-mlmmj-devel] Bug#617242: Bug#617242: mlmmj-make-ml does not ensure correct permissions for created files and directories

Zhang Huangbin zhb at iredmail.org
Mon Nov 6 04:24:17 UTC 2017


> On Nov 6, 2017, at 11:07 AM, Chris Knadle <Chris.Knadle at coredump.us> wrote:
> 
>> I have my umask set to 0027. If I run mlmmj-make-ml with sudo, then
>> this umask is inherited, and used to create all the files and
>> directories for a new mailing list, which is wrong. The files and
>> directories should be explicitly chmodded to the correct permissions.
> 
> The mlmmj package in Debian doesn't come with pre-configuration for a
> specific MTA, nor setting up a user for mlmmj, instead giving
> administrative guidance for basic setups with various MTAs, and allowing
> for more complex configurations by leaving ownership and permissions
> configuration to the administrator. As far as I can tell, the specific
> permissions for files in /var/spool/mlmmj/ likely differ depending on
> the specific setup used.
> 
> Do you believe there are specific permissions that always need to be
> used regardless of specific MTA and setup?

I use mlmmj with Postfix; it’s configured by following the mlmmj doc[1].

*) Postfix pipes email to the command ‘mlmmj-receive’. Postfix doesn’t
need to know any further info about the mail message itself; we’d better
run ‘mlmmj-receive’ as a non-privileged user/group. In my case, it's
“mlmmj:mlmmj”.

*) After taking over the mail message, mlmmj is the only program that
processes the message, so the directory used to store mailing lists is better
set to owner/group “mlmmj:mlmmj” with permission 0700 (or 0770).

IMO, with Postfix integration, it should be a requirement to:

- create user/group “mlmmj:mlmmj”
- create directory /var/spool/mlmmj, owned by “mlmmj:mlmmj” with
  permission 0700.
- also set up a cron job to run the command “mlmmj-maintd”[2] every 2 hours.

[1] http://mlmmj.org/docs/readme-postfix/
[2] http://mlmmj.org/docs/mlmmj-maintd/

----
Zhang Huangbin, founder of iRedMail project: http://www.iredmail.org/
Time zone: GMT+8 (China/Beijing).
Available on Telegram: https://t.me/iredmail
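
The spool setup proposed in this message, written so that modes never depend on an inherited umask. This is an added example, not part of the original post and not mlmmj or Debian packaging code. The function names are hypothetical, GNU coreutils/findutils are assumed, and ownership is only changed when run as root on a system where the "mlmmj" user exists.

```shell
#!/bin/sh
# Added example (not mlmmj code). Assumes GNU coreutils/findutils as on Debian.

# own_by_mlmmj PATH: hand PATH to mlmmj:mlmmj, the account named in the
# message. chown needs root, so this is a no-op for other callers or when
# the user has not been created yet.
own_by_mlmmj() {
    if [ "$(id -u)" -eq 0 ] && id mlmmj >/dev/null 2>&1; then
        chown -R mlmmj:mlmmj "$1" || return 1
    fi
}

# make_spool DIR: create DIR with mode 0700 whatever umask was inherited.
# mkdir would apply 0777 & ~umask (0750 under 0027, 0755 under 0022);
# install -m sets the mode explicitly on the final directory.
make_spool() {
    install -d -m 0700 "$1" || return 1
    own_by_mlmmj "$1"
}

# lock_down DIR: repair a tree whose modes came from the caller's umask.
# u=rwX,go= yields 0700 on directories and 0600 on non-executable files.
lock_down() {
    chmod -R u=rwX,go= "$1" || return 1
    own_by_mlmmj "$1"
}

# audit_spool DIR: print every path group or other can still access.
# Symlinks are skipped because their own mode bits are not meaningful.
audit_spool() {
    find "$1" ! -type l -perm /077 -print
}
```

Run as root, `make_spool /var/spool/mlmmj` once, then `lock_down` and `audit_spool` on the same path after creating a list; empty audit output means nothing under the spool is reachable by group or other.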