Re: [Mailman-Users] mailman user account and login

[Patrick Bogen]

On 2/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 The mailman installation manual seems to imply that the mailman
 account should be added with no ability to log in to it.  I translated
 what appeared to me to be the sense of the line given to Solaris.
As with most daemon accounts..

 However, after having gone through several fire drills of resetting
 file owner from root to mailman, I've set the account up with the
 directory /usr/local/mailman and NP in the /etc/shadow file.
 This allows me to su - mailman from root, but not to get a login
 from anywhere else.  This is the same setup as is used for other
 Solaris blind accounts.
I don't see any reason that this would cause alarm. For caveat, see below...

 Is there any real reason not to use the account this way?  I'm aware
 that Mailman security is based on group identity, not user, but
 external programs such as htdig running under cron need to have
 uid mailman in files it writes to or to be set up as a mailman-uid
 program.  My personal preference is to set the needed uid's in the
 mailman runtime tree.
The main concern with this type of setup is that someone might be able
to exploit a vulnerability in mailman or htdig or whatever to obtain a
login shell for the users they run as. If that login shell is
/bin/false, well, they can just do whatever they want (i.e., nothing
at all) with that. If it's bash, well- that's another story
altogether.

Please note: The mailman user shouldn't *need* a valid shell for
programs to be running with its privileges. If there's not a reason
you need to login (either via su or something else), you're probably
better off giving mailman an invalid shell.

-- 
- Patrick Bogen
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp

[Mailman-Users] mailman user account and login

[vancleef]

I thought I'd pose this question to the list.   

The mailman installation manual seems to imply that the mailman
account should be added with no ability to log in to it.  I translated
what appeared to me to be the sense of the line given to Solaris.

However, after having gone through several fire drills of resetting
file owner from root to mailman, I've set the account up with the 
directory /usr/local/mailman and NP in the /etc/shadow file.  
This allows me to su - mailman from root, but not to get a login
from anywhere else.  This is the same setup as is used for other 
Solaris blind accounts.  

Is there any real reason not to use the account this way?  I'm aware
that Mailman security is based on group identity, not user, but 
external programs such as htdig running under cron need to have 
uid mailman in files it writes to or to be set up as a mailman-uid
program.  My personal preference is to set the needed uid's in the
mailman runtime tree.

Hank
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp