# HG changeset patch # User Paul Boddie # Date 1446676516 -3600 # Node ID 4bc73eb1e076b8bf91a1cc0c0b35991ba579ee79 # Parent 71b35ab1f0bdf23f233739817ee46d9fc8f24eb5 Updated the system users documentation to indicate that using a dedicated lmtp group is a reasonable default approach, thus removing the suggestion that the different group strategies are strongly bound to the different mail delivery strategies. diff -r 71b35ab1f0bd -r 4bc73eb1e076 docs/wiki/SystemUsers --- a/docs/wiki/SystemUsers Wed Nov 04 17:06:14 2015 +0100 +++ b/docs/wiki/SystemUsers Wed Nov 04 23:35:16 2015 +0100 @@ -6,23 +6,27 @@ and groups: {{{#!table -'''Integration Method''' || '''System Users and Groups''' +'''Integration Method''' || '''System Users and Groups''' || '''Suitable for...''' == -[[../MailIntegration/LMTP|LMTP delivery]] +Using a dedicated `lmtp` group || `imip-agent` belongs to `lmtp` and `www-data` groups<
> .. `www-data` also belongs to the `lmtp` group +|| [[../MailIntegration/LMTP|LMTP delivery]] and +.. [[../MailIntegration/LocalSMTP|Local SMTP delivery]] == -[[../MailIntegration/LocalSMTP|Local SMTP delivery]] +Using an existing group || `imip-agent` belongs to the `www-data` group +|| [[../MailIntegration/LocalSMTP|Local SMTP delivery]] }}} The corresponding strategies are described in more detail below. -== LMTP Delivery == +== Using a Dedicated LMTP-Related Group == -Here, imip-agent's programs run in a way that permits LMTP delivery (requiring -suitable local privileges to communicate with the mail storage solution) -whilst allowing the Web server to read data written by those programs. +Here, imip-agent's programs can run in a way that permits them to initiate +[[../MailIntegration/LMTP|LMTP delivery]] (requiring suitable local privileges +to communicate with the mail storage solution) whilst allowing the Web server +to read data written by the [[../AgentPrograms|agent programs]]. A system group needs to be created for LMTP delivery and for certain users to share resources: 
@@ -49,18 +53,22 @@ adduser www-data lmtp }}} -== Local SMTP Delivery == +{{{#!wiki tip +This configuration should also work with the +[[../MailIntegration/LocalSMTP|local SMTP delivery]] method, because the `lmtp` +group membership will be superfluous for the `imip-agent` user. So, if the use +of such a group is not problematic, this approach is a reasonable default choice. +Moreover, there may be a need to create the `lmtp` group, anyway, so that MTAs +can deliver to [[../MailboxIntegration|mail storage solutions]]. +}}} + +== Using an Existing Group == Here, imip-agent's programs run in a way that permits local SMTP delivery (which merely needs the ability to connect to a local network service) whilst -allowing the Web server to read data written by those programs. - -{{{#!wiki tip -It is possible to use the above strategy for LMTP with local SMTP delivery -because there may be a need to create the `lmtp` group so that MTAs can deliver -to [[../MailboxIntegration|mail storage solutions]]. However, this approach -provides a means of separating imip-agent from mail-related users and groups. -}}} +allowing the Web server to read data written by the +[[../AgentPrograms|agent programs]]. This approach provides a means of keeping +imip-agent separate from mail-related users and groups. A system user needs to be created and to belong to certain groups in order to deliver messages to mail stores and to publish resources on the Web:
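Review bot: in the first hunk (@@ -6,23 +6,27 @@), the new "Using a dedicated `lmtp` group" row and the rewritten paragraph never state that putting `www-data` in `lmtp` gives the Web server user membership of the group created "for LMTP delivery", that is, the group tied to the "suitable local privileges to communicate with the mail storage solution". Suggest adding one sentence to the "Using a Dedicated LMTP-Related Group" paragraph spelling out that consequence, so an administrator can decide whether the Web server should hold that membership before adopting this layout for both delivery methods. The table row label ("Using a dedicated `lmtp` group") and the section heading ("Using a Dedicated LMTP-Related Group") also differ; one wording for both would make the table easier to match to its section.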
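Review bot: in the second hunk (@@ -49,18 +53,22 @@), the added tip calls the `lmtp` group setup "a reasonable default choice" while justifying it with the membership being "superfluous for the `imip-agent` user" under local SMTP delivery, which means the default grants a group membership that delivery method does not need, and the qualifier "if the use of such a group is not problematic" is never explained. Suggest saying in the tip what would make it problematic, for example by referring to the sentence this hunk adds further down ("This approach provides a means of keeping imip-agent separate from mail-related users and groups"), so the trade-off between the two strategies is visible where the default is recommended. "This configuration should also work" reads as untested; if it has been verified with local SMTP delivery, say so directly.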