Debian Bug report logs - #617242
mlmmj-make-ml does not ensure correct permissions for created files and directories


Package: mlmmj; Maintainer for mlmmj is Christopher Knadle <Chris.Knadle@coredump.us>; Source for mlmmj is src:mlmmj (PTS, buildd, popcon).

Reported by: Reuben Thomas <rrt@sc3d.org>

Date: Mon, 7 Mar 2011 13:21:02 UTC

Severity: minor

Tags: wontfix

Found in version mlmmj/1.2.17-1

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>:
Bug#617242; Package mlmmj. (Mon, 07 Mar 2011 13:21:05 GMT) (full text, mbox, link).


Acknowledgement sent to Reuben Thomas <rrt@sc3d.org>:
New Bug report received and forwarded. Copy sent to MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>. (Mon, 07 Mar 2011 13:21:05 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Reuben Thomas <rrt@sc3d.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mlmmj-make-ml does not ensure correct permissions for created files and directories
Date: Mon, 07 Mar 2011 13:16:46 +0000
Package: mlmmj
Version: 1.2.17-1
Severity: minor


I have my umask set to 0027. If I run mlmmj-make-ml with sudo, then
this umask is inherited, and used to create all the files and
directories for a new mailing list, which is wrong. The files and
directories should be explicitly chmodded to the correct permissions.

-- System Information:
Debian Release: squeeze/sid
  APT prefers lucid-updates
  APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid-backports'), (500, 'lucid')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-28-generic (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mlmmj depends on:
ii  debconf [debconf-2.0]  1.5.28ubuntu4     Debian configuration management sy
ii  libc6                  2.11.1-0ubuntu7.8 Embedded GNU C Library: Shared lib
ii  postfix [mail-transpor 2.7.0-1           High-performance mail transport ag

mlmmj recommends no packages.

Versions of packages mlmmj suggests:
pn  mlmmj-php-web                 <none>     (no description available)
ii  mlmmj-php-web-admin           1.2.17-1   administrative web interface for m

-- debconf-show failed
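
The report above turns on file modes being whatever the creating process's umask leaves unless they are set explicitly. The following sketch is an added example, not code from mlmmj or from this bug log; the directory tree is a constructed stand-in for a list directory, and the target modes 0750/0640 are assumptions an administrator would replace.

```sh
#!/bin/sh
# Added illustration: the tree is a constructed stand-in, not mlmmj-make-ml's layout.

# Naive creation: every mode is whatever the caller's umask leaves behind.
make_tree_inherit() {
    mkdir -p "$1/control" "$1/incoming"
    : > "$1/control/listaddress"
}

# Explicit creation. The subshell's umask 077 keeps each object private until
# chmod applies the modes that were asked for, so the result never depends on
# the umask inherited from the invoking shell.
make_tree_explicit() {   # usage: make_tree_explicit DIR DIRMODE FILEMODE
    (
        umask 077
        mkdir -p "$1/control" "$1/incoming"
        : > "$1/control/listaddress"
        find "$1" -type d -exec chmod "$2" {} +
        find "$1" -type f -exec chmod "$3" {} +
    )
}

# Prints the octal permission bits of a path (GNU stat, with a BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Prints "dirmode filemode" for a tree created under the given umask.
modes_under_umask() {    # usage: modes_under_umask UMASK naive|explicit
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"
        if [ "$2" = explicit ]; then
            make_tree_explicit "$tmp/list" 0750 0640   # assumed target modes
        else
            make_tree_inherit "$tmp/list"
        fi
    )
    echo "$(mode_of "$tmp/list/control") $(mode_of "$tmp/list/control/listaddress")"
    rm -rf "$tmp"
}

# Compare both approaches under three common umask values.
for u in 0022 0027 0077; do
    echo "umask $u: inherited=$(modes_under_umask "$u" naive)" \
         "explicit=$(modes_under_umask "$u" explicit)"
done
```

The inherited column changes with every umask, while the explicit column stays at the requested modes.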




Information forwarded to debian-bugs-dist@lists.debian.org, MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>:
Bug#617242; Package mlmmj. (Mon, 06 Nov 2017 03:33:02 GMT) (full text, mbox, link).


Acknowledgement sent to Chris Knadle <Chris.Knadle@coredump.us>:
Extra info received and forwarded to list. Copy sent to MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>. (Mon, 06 Nov 2017 03:33:02 GMT) (full text, mbox, link).


Message #10 received at 617242@bugs.debian.org (full text, mbox, reply):

From: Chris Knadle <Chris.Knadle@coredump.us>
To: Reuben Thomas <rrt@sc3d.org>
Cc: 617242@bugs.debian.org, control@bugs.debian.org
Subject: Re: mlmmj-make-ml does not ensure correct permissions for created files and directories
Date: Mon, 6 Nov 2017 03:07:39 +0000
tag 617242 + moreinfo
thanks

Although this bug is very old I think it deserves a maintainer response.

> I have my umask set to 0027. If I run mlmmj-make-ml with sudo, then
> this umask is inherited, and used to create all the files and
> directories for a new mailing list, which is wrong. The files and
> directories should be explicitly chmodded to the correct permissions.

The mlmmj package in Debian doesn't come with pre-configuration for a
specific MTA, nor setting up a user for mlmmj, instead giving
administrative guidance for basic setups with various MTAs, and allowing
for more complex configurations by leaving ownership and permissions
configuration to the administrator. As far as I can tell, the specific
permissions for files in /var/spool/mlmmj/ likely differ depending on
the specific setup used.

Do you believe there are specific permissions that always need to be
used regardless of specific MTA and setup?

   -- Chris

-- 
Chris Knadle
Chris.Knadle@coredump.us





Added tag(s) moreinfo. Request was from Chris Knadle <Chris.Knadle@coredump.us> to control@bugs.debian.org. (Mon, 06 Nov 2017 03:33:03 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>:
Bug#617242; Package mlmmj. (Mon, 06 Nov 2017 04:33:03 GMT) (full text, mbox, link).


Acknowledgement sent to Zhang Huangbin <zhb@iredmail.org>:
Extra info received and forwarded to list. Copy sent to MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>. (Mon, 06 Nov 2017 04:33:03 GMT) (full text, mbox, link).


Message #17 received at 617242@bugs.debian.org (full text, mbox, reply):

From: Zhang Huangbin <zhb@iredmail.org>
To: Chris Knadle <Chris.Knadle@coredump.us>, 617242@bugs.debian.org
Cc: Reuben Thomas <rrt@sc3d.org>, control@bugs.debian.org
Subject: Re: [Pkg-mlmmj-devel] Bug#617242: mlmmj-make-ml does not ensure correct permissions for created files and directories
Date: Mon, 6 Nov 2017 12:24:17 +0800
> On Nov 6, 2017, at 11:07 AM, Chris Knadle <Chris.Knadle@coredump.us> wrote:
> 
>> I have my umask set to 0027. If I run mlmmj-make-ml with sudo, then
>> this umask is inherited, and used to create all the files and
>> directories for a new mailing list, which is wrong. The files and
>> directories should be explicitly chmodded to the correct permissions.
> 
> The mlmmj package in Debian doesn't come with pre-configuration for a
> specific MTA, nor setting up a user for mlmmj, instead giving
> administrative guidance for basic setups with various MTAs, and allowing
> for more complex configurations by leaving ownership and permissions
> configuration to the administrator. As far as I can tell, the specific
> permissions for files in /var/spool/mlmmj/ likely differ depending on
> the specific setup used.
> 
> Do you believe there are specific permissions that always need to be
> used regardless of specific MTA and setup?

I use mlmmj with Postfix; it’s configured by following the mlmmj doc[1].

*) Postfix pipes email to the command ‘mlmmj-receive’. Postfix doesn’t
need to know any further info about the mail message itself; we’d better
run ‘mlmmj-receive’ as a non-privileged user/group. In my case, it's
“mlmmj:mlmmj”.

*) After taking over the mail message, mlmmj is the only program that
processes the message, so the directory used to store mailing lists is better
set to owner/group “mlmmj:mlmmj” with permission 0700 (or 0770).

IMO, with Postfix integration, it should be a requirement to:

- create user/group “mlmmj:mlmmj”
- create directory /var/spool/mlmmj, and owned by “mlmmj:mlmmj” with
  permission 0700.
- also setup a cron job to run command “mlmmj-maintd”[2] every 2 hours.

[1] http://mlmmj.org/docs/readme-postfix/
[2] http://mlmmj.org/docs/mlmmj-maintd/

----
Zhang Huangbin, founder of iRedMail project: http://www.iredmail.org/
Time zone: GMT+8 (China/Beijing).
Available on Telegram: https://t.me/iredmail




Information forwarded to debian-bugs-dist@lists.debian.org, MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>:
Bug#617242; Package mlmmj. (Mon, 06 Nov 2017 10:54:08 GMT) (full text, mbox, link).


Acknowledgement sent to Thomas Goirand <zigo@debian.org>:
Extra info received and forwarded to list. Copy sent to MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>. (Mon, 06 Nov 2017 10:54:08 GMT) (full text, mbox, link).


Message #22 received at 617242@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>
To: Zhang Huangbin <zhb@iredmail.org>, 617242@bugs.debian.org, Chris Knadle <Chris.Knadle@coredump.us>
Cc: Reuben Thomas <rrt@sc3d.org>
Subject: Re: Bug#617242: [Pkg-mlmmj-devel] Bug#617242: mlmmj-make-ml does not ensure correct permissions for created files and directories
Date: Mon, 6 Nov 2017 11:52:49 +0100
On 11/06/2017 05:24 AM, Zhang Huangbin wrote:
> IMO, with Postfix integration, it should be a requirement to:
> 
> - create user/group “mlmmj:mlmmj”
> - create directory /var/spool/mlmmj, and owned by “mlmmj:mlmmj” with
>   permission 0700.
> - also setup a cron job to run command “mlmmj-maintd”[2] every 2 hours.

Clearly, that's a *specific* setup for your own use case. Let me
describe a very different setup.

With MLMMJ, it's possible to have user foo "own" the list, and have it
dropped in his home folder. In such a setup, the user could ssh to the
mlmmj folder, and customize, with ssh, the tunables of the list. The
"home" of the list would be somewhere in /home, owned by foo:foo. In
this type of setup, there's no need for a mlmmj:mlmmj user, and the user
could manually create the cron job with "crontab -e".

I don't think it's up to the Debian package to be opinionated. At most,
we could imagine a debconf question (with no by default) asking if we
want to do what you describe above. But I don't think we should do it
unconditionally.

If someone wants to provide a patch to do the debconf thing described
above, I would approve it. If it's a patch to do it every time, I would
reject it. I hope you understand why.

Cheers,

Thomas Goirand (zigo)



Information forwarded to debian-bugs-dist@lists.debian.org, MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>:
Bug#617242; Package mlmmj. (Mon, 06 Nov 2017 11:00:03 GMT) (full text, mbox, link).


Acknowledgement sent to Zhang Huangbin <zhb@iredmail.org>:
Extra info received and forwarded to list. Copy sent to MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>. (Mon, 06 Nov 2017 11:00:03 GMT) (full text, mbox, link).


Message #27 received at 617242@bugs.debian.org (full text, mbox, reply):

From: Zhang Huangbin <zhb@iredmail.org>
To: Thomas Goirand <zigo@debian.org>
Cc: 617242@bugs.debian.org, Chris Knadle <Chris.Knadle@coredump.us>, Reuben Thomas <rrt@sc3d.org>
Subject: Re: Bug#617242: mlmmj-make-ml does not ensure correct permissions for created files and directories
Date: Mon, 6 Nov 2017 18:57:36 +0800
> On Nov 6, 2017, at 6:52 PM, Thomas Goirand <zigo@debian.org> wrote:
> 
> Clearly, that's a *specific* setup for your own use case. Let me
> describe a very different setup.
> 
> With MLMMJ, it's possible to have user foo "own" the list, and have it
> dropped in his home folder. In such a setup, the user could ssh to the
> mlmmj folder, and customize, with ssh, the tunables of the list. The
> "home" of the list would be somewhere in /home, owned by foo:foo. In
> this type of setup, there's no need for a mlmmj:mlmmj user, and the user
> could manually create the cron job with "crontab -e".
> 
> I don't think it's up to the Debian package to be opinionated. At most,
> we could imagine a debconf question (with no by default) asking if we
> want to do what you describe above. But I don't think we should do it
> unconditionally.

It’s fine that the mlmmj package leaves the tasks (create user/group, etc.) to the sysadmin.

P.S. I’d prefer to use ‘/var/spool/mlmmj’ as the HOME directory of the mlmmj
program instead of ‘/home/XXX’ and set its shell to ‘/sbin/nologin’.

----
Zhang Huangbin, founder of iRedMail project: http://www.iredmail.org/
Time zone: GMT+8 (China/Beijing).
Available on Telegram: https://t.me/iredmail




Information forwarded to debian-bugs-dist@lists.debian.org, MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>:
Bug#617242; Package mlmmj. (Mon, 06 Nov 2017 12:33:02 GMT) (full text, mbox, link).


Acknowledgement sent to Reuben Thomas <rrt@sc3d.org>:
Extra info received and forwarded to list. Copy sent to MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>. (Mon, 06 Nov 2017 12:33:02 GMT) (full text, mbox, link).


Message #32 received at 617242@bugs.debian.org (full text, mbox, reply):

From: Reuben Thomas <rrt@sc3d.org>
To: Chris Knadle <Chris.Knadle@coredump.us>
Cc: 617242@bugs.debian.org, control <control@bugs.debian.org>
Subject: Re: mlmmj-make-ml does not ensure correct permissions for created files and directories
Date: Mon, 6 Nov 2017 12:31:09 +0000
On 6 November 2017 at 03:07, Chris Knadle <Chris.Knadle@coredump.us> wrote:

> tag 617242 + moreinfo
> thanks
>
> Although this bug is very old I think it deserves a maintainer response.
>
> > I have my umask set to 0027. If I run mlmmj-make-ml with sudo, then
> > this umask is inherited, and used to create all the files and
> > directories for a new mailing list, which is wrong. The files and
> > directories should be explicitly chmodded to the correct permissions.
>
> The mlmmj package in Debian doesn't come with pre-configuration for a
> specific MTA, nor setting up a user for mlmmj, instead giving
> administrative guidance for basic setups with various MTAs, and allowing
> for more complex configurations by leaving ownership and permissions
> configuration to the administrator. As far as I can tell, the specific
> permissions for files in /var/spool/mlmmj/ likely differ depending on
> the specific setup used.
>

To be honest, I don't think (it's a long time ago now, as you say) that
this had occurred to me.

> Do you believe there are specific permissions that always need to be
> used regardless of specific MTA and setup?
>

No. However, it would be good to have some opinionated defaults.
Otherwise, this is just another hard-to-set-up package that requires lots
of reading and fiddling, one is not sure (unless one becomes an expert)
that it is set up properly, securely etc., and one gravitates towards
proprietary products or cloud offerings that are simply easier and make
this sort of thing Someone Else's Problem, which is a shame.


So for example having an out-of-the-box Postfix integration, along the
lines described above, would be great.


Given that mlmmj is not itself opinionated, offering the choice of
essentially "unconfigured" or "opinionated setup integrated with other
commonly-used Debian packages" seems like an excellent way to cover both
casual and expert use.

-- 
https://rrt.sc3d.org

Information forwarded to debian-bugs-dist@lists.debian.org, MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>:
Bug#617242; Package mlmmj. (Mon, 06 Nov 2017 16:39:03 GMT) (full text, mbox, link).


Acknowledgement sent to Chris Knadle <Chris.Knadle@coredump.us>:
Extra info received and forwarded to list. Copy sent to MLMMJ packaging team <pkg-mlmmj-devel@lists.alioth.debian.org>. (Mon, 06 Nov 2017 16:39:03 GMT) (full text, mbox, link).


Message #37 received at 617242@bugs.debian.org (full text, mbox, reply):

From: Chris Knadle <Chris.Knadle@coredump.us>
To: Reuben Thomas <rrt@sc3d.org>
Cc: 617242@bugs.debian.org
Subject: Re: mlmmj-make-ml does not ensure correct permissions for created files and directories
Date: Mon, 6 Nov 2017 16:37:26 +0000
Reuben Thomas:
> On 6 November 2017 at 03:07, Chris Knadle <Chris.Knadle@coredump.us> wrote:
>> Do you believe there are specific permissions that always need to be
>> used regardless of specific MTA and setup?
>>
> 
> No. However, it would be good to have some opinionated defaults.

I don't know what this means, and I don't think it could sanely be
accomplished.

> Otherwise, this is just another hard-to-set-up package that requires lots
> of reading and fiddling, one is not sure (unless one becomes an expert)
> that it is set up properly, securely etc., and one gravitates towards
> proprietary products or cloud offerings that are simply easier and make
> this sort of thing Someone Else's Problem, which is a shame.

I agree with this. At the same time, it's my experience that everything
in email configuration likewise has this "open-ended" issue. Postfix
doesn't by default come with configuration for Amavis, ClamAV,
SpamAssassin, etc, yet any Internet-facing mail server would
realistically need these things and setting them up requires a lot of
fiddling and reading because there are multiple ways to configure them.
And all that would normally come before mlmmj setup. Email server
configurations are specifically allowed to be different, so default
configuration can come only for certain pieces when there are sane
defaults that can be shipped.

Sometimes the MTA and mlmmj are set up by an administrator, and
sometimes it's set up via a web panel. If any default configuration came
with mlmmj on Debian but not upstream, then web panels would need to be
updated to remove whatever default configuration was shipped only on
Debian. i.e. there are unforeseen consequences for this kind of change.

The best thing I can suggest is to sign up for the mlmmj "discussion"
mailing list and discuss this idea there.

   http://mlmmj.org/lists

If there are good default permissions that could be set, upstream would
be the place to make the change, and if there aren't then upstream would
know more about the reason why there aren't.

In the meantime I'm going to mark this bug "wontfix" because I don't see
any better way of handling it.

   -- Chris

-- 
Chris Knadle
Chris.Knadle@coredump.us



Removed tag(s) moreinfo. Request was from Chris Knadle <Chris.Knadle@coredump.us> to control@bugs.debian.org. (Mon, 06 Nov 2017 16:45:07 GMT) (full text, mbox, link).


Added tag(s) wontfix. Request was from Chris Knadle <Chris.Knadle@coredump.us> to control@bugs.debian.org. (Mon, 06 Nov 2017 16:45:07 GMT) (full text, mbox, link).


Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Thu, 23 Nov 2017 11:45:18 GMT) (full text, mbox, link).


Notification sent to Reuben Thomas <rrt@sc3d.org>:
Bug acknowledged by developer. (Thu, 23 Nov 2017 11:45:18 GMT) (full text, mbox, link).


Message #46 received at 617242-done@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>
To: 617242-done@bugs.debian.org
Subject: Closing
Date: Thu, 23 Nov 2017 12:39:02 +0100
It's time to close this bug.



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 22 Dec 2017 07:28:16 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jul 1 12:50:26 2023; Machine Name: buxtehude
