FAQ
I thought I'd pose this question to the list.

The mailman installation manual seems to imply that the mailman
account should be added with no ability to log in to it. I translated
what appeared to me to be the sense of the line given to Solaris.

However, after having gone through several fire drills of resetting
file owner from root to mailman, I've set the account up with the
directory /usr/local/mailman and "NP" in the /etc/shadow file.
This allows me to su - mailman from root, but not to get a login
from anywhere else. This is the same setup as is used for other
Solaris "blind" accounts.

Is there any real reason not to use the account this way? I'm aware
that Mailman security is based on group identity, not user, but
external programs such as htdig running under cron need to have
uid mailman in files it writes to or to be set up as a mailman-uid
program. My personal preference is to set the needed uids in the
mailman runtime tree.

Hank


  • Patrick Bogen at Feb 8, 2007 at 4:27 pm

    On 2/4/07, vancleef at lostwells.net wrote:
    > The mailman installation manual seems to imply that the mailman
    > account should be added with no ability to log in to it. I translated
    > what appeared to me to be the sense of the line given to Solaris.

    As with most daemon accounts.

    > However, after having gone through several fire drills of resetting
    > file owner from root to mailman, I've set the account up with the
    > directory /usr/local/mailman and "NP" in the /etc/shadow file.
    > This allows me to su - mailman from root, but not to get a login
    > from anywhere else. This is the same setup as is used for other
    > Solaris "blind" accounts.

    I don't see any reason that this would cause alarm. For a caveat, see below.

    > Is there any real reason not to use the account this way? I'm aware
    > that Mailman security is based on group identity, not user, but
    > external programs such as htdig running under cron need to have
    > uid mailman in files it writes to or to be set up as a mailman-uid
    > program. My personal preference is to set the needed uids in the
    > mailman runtime tree.

    The main concern with this type of setup is that someone might be able
    to exploit a vulnerability in mailman or htdig or whatever to obtain a
    login shell for the users they run as. If that login shell is
    /bin/false, well, they can just do whatever they want (i.e., nothing
    at all) with that. If it's bash, well, that's another story
    altogether.

    Please note: The mailman user shouldn't *need* a valid shell for
    programs to be running with its privileges. If there's not a reason
    you need to log in (either via su or something else), you're probably
    better off giving mailman an invalid shell.

    --
    - Patrick Bogen
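A small audit in the spirit of Patrick's caveat, added here as an example and not part of either post: it checks a daemon account's shadow password field and login shell together, since a locked password with a real shell (the htdig case below) still gives an exploited process somewhere to land. The passwd/shadow entries, account names and hash placeholder are constructed; point it at the real files as root to audit a system.

```shell
#!/bin/sh
# Added example: an account passes only if its shadow password field is
# locked AND its login shell cannot start an interactive session.

# Constructed sample entries (names and hash placeholder are made up).
# Solaris writes "NP" for no-password accounts; "*LK*", "*" and "!" are
# the other common locked forms.
SAMPLE_PASSWD='mailman:x:1001:1001:Mailman:/usr/local/mailman:/bin/false
htdig:x:1002:1001:htdig indexer:/usr/local/htdig:/bin/bash
wwwrun:x:1003:1003:Web server:/var/www:/bin/false'
SAMPLE_SHADOW='mailman:NP:13000::::::
htdig:*LK*:13000::::::
wwwrun:$6$PLACEHOLDERHASH:13000::::::'

# shell_is_nologin SHELL: 0 if SHELL cannot give an interactive session.
shell_is_nologin() {
    case "$1" in
        /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin|/bin/true) return 0 ;;
        *) return 1 ;;
    esac
}

# password_is_locked FIELD: 0 if the shadow field can never match a password.
password_is_locked() {
    case "$1" in
        NP|\**|!*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_account NAME PASSWD_TEXT SHADOW_TEXT: prints "ok", "no-such-user",
# or space-separated findings; returns 0 only when the account is "ok".
audit_account() {
    entry=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u')
    if [ -z "$entry" ]; then echo "no-such-user"; return 1; fi
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    pw=$(printf '%s\n' "$3" | awk -F: -v u="$1" '$1 == u { print $2 }')
    findings=""
    # A missing shadow entry yields an empty field, which is also not locked.
    password_is_locked "$pw" || findings="password-not-locked"
    shell_is_nologin "$shell" || findings="${findings:+$findings }interactive-shell:$shell"
    if [ -z "$findings" ]; then echo "ok"; return 0; fi
    echo "$findings"
    return 1
}

for u in mailman htdig wwwrun; do
    printf '%s: %s\n' "$u" "$(audit_account "$u" "$SAMPLE_PASSWD" "$SAMPLE_SHADOW")"
done
```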

Discussion Overview
group: mailman-users
category: python
posted: Feb 4, '07 at 6:40p
active: Feb 8, '07 at 4:27p
posts: 2
users: 2 (Patrick Bogen: 1 post, Vancleef: 1 post)
website: list.org