paul@955 | 1 | = System Users and Filesystem Access = |
paul@955 | 2 | |
paul@955 | 3 | The data handled by imip-agent needs to be accessible to other software, |
paul@955 | 4 | notably mail handling software and Web server software. Two approaches to |
paul@955 | 5 | [[../MailIntegration|e-mail integration]] affect the choice of system users |
paul@955 | 6 | and groups: |
paul@955 | 7 | |
paul@955 | 8 | {{{#!table |
paul@955 | 9 | '''Integration Method''' || '''System Users and Groups''' |
paul@955 | 10 | == |
paul@955 | 11 | [[../MailIntegration/LMTP|LMTP delivery]] |
paul@955 | 12 | || `imip-agent` belongs to `lmtp` and `www-data` groups<<BR>> |
paul@955 | 13 | .. `www-data` also belongs to the `lmtp` group |
paul@955 | 14 | == |
paul@955 | 15 | [[../MailIntegration/LocalSMTP|Local SMTP delivery]] |
paul@955 | 16 | || `imip-agent` belongs to the `www-data` group |
paul@955 | 17 | }}} |
paul@955 | 18 | |
paul@955 | 19 | The corresponding strategies are described in more detail below. |
paul@955 | 20 | |
paul@955 | 21 | == LMTP Delivery == |
paul@955 | 22 | |
paul@955 | 23 | Here, imip-agent's programs run in a way that permits LMTP delivery (requiring |
paul@955 | 24 | suitable local privileges to communicate with the mail storage solution) |
paul@955 | 25 | whilst allowing the Web server to read data written by those programs. |
paul@955 | 26 | |
paul@955 | 27 | A system group needs to be created for LMTP delivery and for certain users to |
paul@955 | 28 | share resources: |
paul@955 | 29 | |
paul@955 | 30 | {{{ |
paul@955 | 31 | addgroup lmtp |
paul@955 | 32 | }}} |
paul@955 | 33 | |
paul@955 | 34 | This group should be employed for LMTP delivery by systems like Cyrus and |
paul@984 | 35 | Dovecot. See the [[../MailboxIntegration|mail storage guide]] for more |
paul@955 | 36 | information. |
paul@955 | 37 | |
paul@955 | 38 | A system user needs to be created and to belong to certain groups in order to |
paul@955 | 39 | deliver messages to mail stores and to publish resources on the Web: |
paul@955 | 40 | |
paul@955 | 41 | {{{ |
paul@955 | 42 | useradd -d /var/lib/imip-agent -m -U -G lmtp,www-data -r imip-agent |
paul@955 | 43 | }}} |
paul@955 | 44 | |
paul@955 | 45 | Store details and published resources need to be accessible by the `imip-agent` |
paul@955 | 46 | and `www-data` users. Thus, `www-data` also needs to belong to the `lmtp` group: |
paul@955 | 47 | |
paul@955 | 48 | {{{ |
paul@955 | 49 | adduser www-data lmtp |
paul@955 | 50 | }}} |
paul@955 | 51 | |
paul@955 | 52 | == Local SMTP Delivery == |
paul@955 | 53 | |
paul@955 | 54 | Here, imip-agent's programs run in a way that permits local SMTP delivery |
paul@955 | 55 | (which merely needs the ability to connect to a local network service) whilst |
paul@955 | 56 | allowing the Web server to read data written by those programs. |
paul@955 | 57 | |
paul@984 | 58 | {{{#!wiki tip |
paul@984 | 59 | It is possible to use the above strategy for LMTP with local SMTP delivery |
paul@984 | 60 | because there may be a need to create the `lmtp` group so that MTAs can deliver |
paul@984 | 61 | to [[../MailboxIntegration|mail storage solutions]]. However, this approach |
paul@984 | 62 | provides a means of separating imip-agent from mail-related users and groups. |
paul@984 | 63 | }}} |
paul@984 | 64 | |
paul@955 | 65 | A system user needs to be created and to belong to certain groups in order to |
paul@955 | 66 | deliver messages to mail stores and to publish resources on the Web: |
paul@955 | 67 | |
paul@955 | 68 | {{{ |
paul@955 | 69 | useradd -d /var/lib/imip-agent -m -U -G www-data -r imip-agent |
paul@955 | 70 | }}} |
paul@955 | 71 | |
paul@955 | 72 | Again, the `tools/init.sh` script will initialise directories for stored and |
paul@955 | 73 | published data. The `tools/config.sh` script should be edited and the group |
paul@955 | 74 | redefined as follows: |
paul@955 | 75 | |
paul@955 | 76 | {{{ |
paul@955 | 77 | IMIP_AGENT_GROUP=www-data |
paul@955 | 78 | }}} |
paul@955 | 79 | |
paul@955 | 80 | If already installed, the `/etc/imip-agent/config.sh` script should be edited |
paul@955 | 81 | instead. See the [[../Configuration|configuration guide]] for more information. |
paul@955 | 82 | |
paul@955 | 83 | With local SMTP delivery, the mail system will need to be configured to route |
paul@955 | 84 | messages for local recipients. See the [[../MailIntegration/LocalSMTP|local SMTP]] |
paul@955 | 85 | description of mail configuration for more information. |
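
The group memberships required by the two strategies above can be checked once the accounts exist. The script below is an added example, not part of imip-agent; the function names and the `lmtp`/`smtp` method labels are assumptions made for this illustration, and the sample group lists are constructed.

```shell
#!/bin/sh
# Added example: compare group memberships with the table on this page.
# Group lists are space-separated, as printed by `id -Gn USER`.

# in_list GROUP LIST: succeeds if GROUP is one of the words in LIST.
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_groups METHOD AGENT_GROUPS WWW_GROUPS
# METHOD is "lmtp" or "smtp" (labels chosen for this example).
# Prints one line per finding; prints nothing if all is as documented.
check_groups() {
    method=$1
    agent=$2
    www=$3
    in_list www-data "$agent" || echo "missing: imip-agent not in www-data"
    case $method in
        lmtp)
            in_list lmtp "$agent" || echo "missing: imip-agent not in lmtp"
            in_list lmtp "$www" || echo "missing: www-data not in lmtp"
            ;;
        smtp)
            # Permitted, but gives up the separation from mail-related groups.
            if in_list lmtp "$agent"; then echo "note: imip-agent is in lmtp"; fi
            ;;
        *)
            echo "error: unknown method $method"
            return 2
            ;;
    esac
}

# audit_live METHOD: run the same check against the accounts on this system.
audit_live() {
    agent_groups=$(id -Gn imip-agent) || return 1
    www_groups=$(id -Gn www-data) || return 1
    check_groups "$1" "$agent_groups" "$www_groups"
}

# Constructed sample: LMTP chosen, but `adduser www-data lmtp` was not run.
check_groups lmtp "imip-agent lmtp www-data" "www-data"
# prints: missing: www-data not in lmtp
```

On a configured host, call `audit_live lmtp` or `audit_live smtp` according to the integration method chosen.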
paul@955 | 86 | |
paul@955 | 87 | == Updating the Configuration == |
paul@955 | 88 | |
paul@955 | 89 | Once the necessary decisions have been taken here, the system's |
paul@955 | 90 | [[../Configuration|configuration]] will need updating so that the software and |
paul@955 | 91 | tools will work correctly. |