I thought I'd pose this question to the list.
The Mailman installation manual seems to imply that the mailman
account should be added with no ability to log in to it. I translated
what appeared to me to be the sense of the line given to Solaris.
However, after having gone through several fire drills of resetting
file owner from root to mailman, I've set the account up with the
directory /usr/local/mailman and "NP" in the /etc/shadow file.
This allows me to su - mailman from root, but not to get a login
from anywhere else. This is the same setup as is used for other
Solaris "blind" accounts.
Is there any real reason not to use the account this way? I'm aware
that Mailman security is based on group identity, not user, but
external programs such as htdig running under cron need to have
uid mailman in files they write to or to be set up as a mailman-uid
program. My personal preference is to set the needed uids in the
mailman runtime tree.
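
One way to audit the setup described in the message above. This is an added example, not part of the original post. It assumes the `mailman` user name and `/usr/local/mailman` path from the post; the shadow lines are constructed sample data, and the function names and the `listadm` account are hypothetical.

```shell
#!/bin/sh
# Added example: audit a no-login service account and its runtime tree.

# Print the password field (2nd colon-separated field) for user $1,
# reading shadow-format text on stdin. Exit status 1 if the user is absent.
shadow_field() {
    awk -F: -v u="$1" '$1 == u { print $2; found = 1 } END { exit !found }'
}

# Classify a Solaris shadow password field.
login_state() {
    case "$1" in
        NP)      echo "no-password" ;;     # the post's setup: no password login
        '*LK*'*) echo "locked" ;;          # Solaris locked-account marker
        '')      echo "empty-password" ;;  # no password required: worth flagging
        *)       echo "password-set" ;;
    esac
}

# List everything under tree $1 that is NOT owned by user $2
# (name or numeric uid), e.g. files left owned by root.
wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Constructed sample data, not taken from a real system.
SAMPLE_SHADOW='root:constructedhash:6445::::::
mailman:NP:6445::::::
listadm:*LK*:::::::'

state=$(login_state "$(printf '%s\n' "$SAMPLE_SHADOW" | shadow_field mailman)")
echo "mailman: $state"

# Ownership check runs only where the tree and the account actually exist.
TREE=/usr/local/mailman
if [ -d "$TREE" ] && id mailman >/dev/null 2>&1; then
    wrong_owner "$TREE" mailman
fi
```

On a real host, feed `shadow_field` from `/etc/shadow` as root instead of the sample text.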