lists-archives: ownership of files
Hi,
in the last two weeks I've been working with netgod's lists-archives
package. Some people told me wmf would be a more adequate choice for
list archiving software. I looked at it, but I still like mhonarc's
approach better. [ oh, btw, this is on debian-mentors because I'm
packaging lists-archives for local use. If I can do something useful
with it, I could adopt the package but that's a different issue ]
I've faced several problems. First, netgod's package says one should
add an `archive' alias to /etc/aliases, like this:
    archive: "|/usr/bin/procmail /etc/lists-archives/procmailrc"
I tried it under smail (I think, it's either that or exim) and the
alias is run as nobody/somegroup. The procmail recipe needs to write
to /var/lib/lists-archives/lists, but as nobody it can't do this.
I _think_ sendmail provides some way to expand the aliases as another
user, but I'm not really sure. I'd guess the other MTAs can do
that, too.
The only way out I could find was to create an `archive' system user,
like this:
    # --disabled-password is superfluous, system does this already
    adduser --system \
            --quiet \
            --disabled-password \
            --home /var/lib/lists-archives \
            --ingroup daemon \
            archive
with a symlink like this:
    /var/lib/lists-archives/.procmailrc -> /etc/lists-archives/procmailrc
this way I can subscribe archive@somehost to the mailing list and
everything is ok. (Now that I think about this, maybe
/usr/lib/lists-archives would be a better home for this user)
Is `archive' too generic? Any suggestions?
I can grep /etc/passwd and use ypcat if available to check for the
existence of `archive'. How should I do that? Use ypcat _first_ or
grep /etc/passwd first?
Taking a look at listar's (0.121a) postinst, it does this:
    UNAME=listar
    HOMEDIR=/usr/lib/listar
    adduser --system --home $HOMEDIR --group $UNAME
    if ! grep -q "^${UNAME}:.*${HOMEDIR}" /etc/passwd
    then
        echo Failed to create user $UNAME
        exit 1
    fi
    if ! grep -q \^${UNAME}: /etc/group
    then
        echo Failed to create group $UNAME
        exit 1
    fi
unconditionally. That's bad. Isn't it? (It doesn't even bother to
check if it's being configured, aborted, replaced, whatever)
About this user's group, in netgod's package, everything (almost) is
owned by daemon.daemon. Is that ok? Should I create an `archive'
group, too? (i.e., just pass --group to adduser)
Procmail will try to log to /var/log/lists-archives.log, which I have
to chown archive.something on postinst (so procmail can write to it
running as `archive').
/etc/cron.daily/lists-archives has something like this:
    su daemon -c "/usr/lib/lists-archives/updatemail"
which I'll change to
    su archive -c "/usr/lib/lists-archives/updatemail"
because updatemail needs to write to
/var/lib/lists-archives/timestamp, and I don't want to make the
directory group writeable.
Up to this point I have almost succeeded in making a `plug and play'
package, I mean, I have modified the configuration files in such a
way that you can install the package, subscribe the address to a
mailing list, and have a working archive.
Thanks in advance, and sorry about the messy message, I have too many
ideas and questions in my head right now...
Marcelo
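
The conditional account setup the message asks about, as an added example that is not part of the original message and not code from lists-archives or listar: it asks the name service (`getent`, falling back to `id`) rather than ordering `grep /etc/passwd` and `ypcat` by hand, and it acts only on the `configure` action. The function names and the choice of `--group` over `--ingroup daemon` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not code from lists-archives or listar.
# User name, home and log path are the ones proposed in the message.
ARCHIVE_USER=archive
ARCHIVE_HOME=/var/lib/lists-archives
ARCHIVE_LOG=/var/log/lists-archives.log

# True if the account is known through any source in nsswitch.conf
# (local files, NIS, ...), so /etc/passwd and ypcat need no ordering.
user_exists() {
    if command -v getent >/dev/null 2>&1; then
        getent passwd "$1" >/dev/null 2>&1
    else
        id "$1" >/dev/null 2>&1
    fi
}

# Map a postinst action and a user name to "create", "keep" or "skip".
# (Hypothetical helper name.)
plan_user_setup() {
    case "$1" in
        configure)
            if user_exists "$2"; then echo keep; else echo create; fi ;;
        abort-upgrade|abort-remove|abort-deconfigure)
            echo skip ;;
        *)
            echo "unknown postinst action: $1" >&2
            return 1 ;;
    esac
}

# Body of a postinst: call as  setup_archive_user "$1"  (needs root).
setup_archive_user() {
    plan=$(plan_user_setup "$1" "$ARCHIVE_USER") || return 1
    [ "$plan" = skip ] && return 0
    if [ "$plan" = create ]; then
        # --group (dedicated group) is an assumption; the message also
        # considers --ingroup daemon.
        adduser --system --quiet --home "$ARCHIVE_HOME" \
                --group "$ARCHIVE_USER" || return 1
        user_exists "$ARCHIVE_USER" || return 1
    fi
    # procmail runs as this user and must be able to append to its log.
    touch "$ARCHIVE_LOG" && chown "$ARCHIVE_USER" "$ARCHIVE_LOG"
}
```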