| paul@955 | 1 | = System Users and Filesystem Access = |
| paul@955 | 2 | |
| paul@955 | 3 | The data handled by imip-agent needs to be accessible to other software, |
| paul@955 | 4 | notably mail handling software and Web server software. Two approaches to |
| paul@955 | 5 | [[../MailIntegration|e-mail integration]] affect the choice of system users |
| paul@955 | 6 | and groups: |
| paul@955 | 7 | |
| paul@955 | 8 | {{{#!table |
| paul@1004 | 9 | '''Integration Method''' || '''System Users and Groups''' || '''Suitable for...''' |
| paul@955 | 10 | == |
| paul@1004 | 11 | Using a dedicated `lmtp` group |
| paul@955 | 12 | || `imip-agent` belongs to `lmtp` and `www-data` groups<<BR>> |
| paul@955 | 13 | .. `www-data` also belongs to the `lmtp` group |
| paul@1004 | 14 | || [[../MailIntegration/LMTP|LMTP delivery]] and |
| paul@1004 | 15 | .. [[../MailIntegration/LocalSMTP|Local SMTP delivery]] |
| paul@955 | 16 | == |
| paul@1004 | 17 | Using an existing group |
| paul@955 | 18 | || `imip-agent` belongs to the `www-data` group |
| paul@1004 | 19 | || [[../MailIntegration/LocalSMTP|Local SMTP delivery]] |
| paul@955 | 20 | }}} |
| paul@955 | 21 | |
| paul@955 | 22 | The corresponding strategies are described in more detail below. |
| paul@955 | 23 | |
| paul@1004 | 24 | == Using a Dedicated LMTP-Related Group == |
| paul@955 | 25 | |
| paul@1004 | 26 | Here, imip-agent's programs can run in a way that permits them to initiate |
| paul@1004 | 27 | [[../MailIntegration/LMTP|LMTP delivery]] (requiring suitable local privileges |
| paul@1004 | 28 | to communicate with the mail storage solution) whilst allowing the Web server |
| paul@1004 | 29 | to read data written by the [[../AgentPrograms|agent programs]]. |
| paul@955 | 30 | |
| paul@955 | 31 | A system group needs to be created for LMTP delivery and for certain users to |
| paul@955 | 32 | share resources: |
| paul@955 | 33 | |
| paul@955 | 34 | {{{ |
| paul@955 | 35 | addgroup lmtp |
| paul@955 | 36 | }}} |
| paul@955 | 37 | |
| paul@955 | 38 | This group should be employed for LMTP delivery by systems like Cyrus and |
| paul@984 | 39 | Dovecot. See the [[../MailboxIntegration|mail storage guide]] for more |
| paul@955 | 40 | information. |
| paul@955 | 41 | |
| paul@955 | 42 | A system user needs to be created and to belong to certain groups in order to |
| paul@955 | 43 | deliver messages to mail stores and to publish resources on the Web: |
| paul@955 | 44 | |
| paul@955 | 45 | {{{ |
| paul@955 | 46 | useradd -d /var/lib/imip-agent -m -U -G lmtp,www-data -r imip-agent |
| paul@955 | 47 | }}} |
| paul@955 | 48 | |
| paul@955 | 49 | Store details and published resources need to be accessible by the `imip-agent` |
| paul@955 | 50 | and `www-data` users. Thus, `www-data` also needs to belong to the `lmtp` group: |
| paul@955 | 51 | |
| paul@955 | 52 | {{{ |
| paul@955 | 53 | adduser www-data lmtp |
| paul@955 | 54 | }}} |
| paul@955 | 55 | |
| paul@1004 | 56 | {{{#!wiki tip |
| paul@1004 | 57 | This configuration should also work with the |
| paul@1004 | 58 | [[../MailIntegration/LocalSMTP|local SMTP delivery]] method, because the `lmtp` |
| paul@1004 | 59 | group membership will be superfluous for the `imip-agent` user. So, if the use |
| paul@1004 | 60 | of such a group is not problematic, this approach is a reasonable default choice. |
| paul@1004 | 61 | Moreover, there may be a need to create the `lmtp` group, anyway, so that MTAs |
| paul@1004 | 62 | can deliver to [[../MailboxIntegration|mail storage solutions]]. |
| paul@1004 | 63 | }}} |
| paul@1004 | 64 | |
| paul@1004 | 65 | == Using an Existing Group == |
| paul@955 | 66 | |
| paul@955 | 67 | Here, imip-agent's programs run in a way that permits local SMTP delivery |
| paul@955 | 68 | (which merely needs the ability to connect to a local network service) whilst |
| paul@1004 | 69 | allowing the Web server to read data written by the |
| paul@1004 | 70 | [[../AgentPrograms|agent programs]]. This approach provides a means of keeping |
| paul@1004 | 71 | imip-agent separate from mail-related users and groups. |
| paul@984 | 72 | |
| paul@955 | 73 | A system user needs to be created and to belong to certain groups in order to |
| paul@955 | 74 | deliver messages to mail stores and to publish resources on the Web: |
| paul@955 | 75 | |
| paul@955 | 76 | {{{ |
| paul@955 | 77 | useradd -d /var/lib/imip-agent -m -U -G www-data -r imip-agent |
| paul@955 | 78 | }}} |
| paul@955 | 79 | |
| paul@955 | 80 | Again, the `tools/init.sh` script will initialise directories for stored and |
| paul@955 | 81 | published data. The `tools/config.sh` script should be edited and the group |
| paul@955 | 82 | redefined as follows: |
| paul@955 | 83 | |
| paul@955 | 84 | {{{ |
| paul@955 | 85 | IMIP_AGENT_GROUP=www-data |
| paul@955 | 86 | }}} |
| paul@955 | 87 | |
| paul@955 | 88 | If already installed, the `/etc/imip-agent/config.sh` script should be edited |
| paul@955 | 89 | instead. See the [[../Configuration|configuration guide]] for more information. |
| paul@955 | 90 | |
| paul@955 | 91 | With local SMTP delivery, the mail system will need to be configured to route |
| paul@955 | 92 | messages for local recipients. See the [[../MailIntegration/LocalSMTP|local SMTP]] |
| paul@955 | 93 | description of mail configuration for more information. |
| paul@955 | 94 | |
| paul@955 | 95 | == Updating the Configuration == |
| paul@955 | 96 | |
| paul@955 | 97 | Once the necessary decisions have been taken here, the system's |
| paul@955 | 98 | [[../Configuration|configuration]] will need updating so that the software and |
| paul@955 | 99 | tools will work correctly. |
