1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/docs/wiki/SystemUsers Wed Oct 28 00:38:45 2015 +0100
1.3 @@ -0,0 +1,84 @@
1.4 += System Users and Filesystem Access =
1.5 +
1.6 +The data handled by imip-agent needs to be accessible to other software,
1.7 +notably mail handling software and Web server software. Two approaches to
1.8 +[[../MailIntegration|e-mail integration]] affect the choice of system users
1.9 +and groups:
1.10 +
1.11 +{{{#!table
1.12 +'''Integration Method''' || '''System Users and Groups'''
1.13 +==
1.14 +[[../MailIntegration/LMTP|LMTP delivery]]
1.15 +|| `imip-agent` belongs to `lmtp` and `www-data` groups<<BR>>
1.16 +.. `www-data` also belongs to the `lmtp` group
1.17 +==
1.18 +[[../MailIntegration/LocalSMTP|Local SMTP delivery]]
1.19 +|| `imip-agent` belongs to the `www-data` group
1.20 +}}}
1.21 +
1.22 +The corresponding strategies are described in more detail below.
1.23 +
1.24 +== LMTP Delivery ==
1.25 +
1.26 +Here, imip-agent's programs run in a way that permits LMTP delivery (requiring
1.27 +suitable local privileges to communicate with the mail storage solution)
1.28 +whilst allowing the Web server to read data written by those programs.
1.29 +
1.30 +A system group needs to be created for LMTP delivery and for certain users to
1.31 +share resources:
1.32 +
1.33 +{{{
1.34 +addgroup lmtp
1.35 +}}}
1.36 +
1.37 +This group should be employed for LMTP delivery by systems like Cyrus and
1.38 +Dovecot. See the section on configuring mail systems for delivery for more
1.39 +information.
1.40 +
1.41 +A system user needs to be created and to belong to certain groups in order to
1.42 +deliver messages to mail stores and to publish resources on the Web:
1.43 +
1.44 +{{{
1.45 +useradd -d /var/lib/imip-agent -m -U -G lmtp,www-data -r imip-agent
1.46 +}}}
1.47 +
1.48 +Store details and published resources need to be accessible by the `imip-agent`
1.49 +and `www-data` users. Thus, `www-data` also needs to belong to the `lmtp` group:
1.50 +
1.51 +{{{
1.52 +adduser www-data lmtp
1.53 +}}}
1.54 +
1.55 +== Local SMTP Delivery ==
1.56 +
1.57 +Here, imip-agent's programs run in a way that permits local SMTP delivery
1.58 +(which merely needs the ability to connect to a local network service) whilst
1.59 +allowing the Web server to read data written by those programs.
1.60 +
1.61 +A system user needs to be created and to belong to certain groups in order to
1.62 +deliver messages to mail stores and to publish resources on the Web:
1.63 +
1.64 +{{{
1.65 +useradd -d /var/lib/imip-agent -m -U -G www-data -r imip-agent
1.66 +}}}
1.67 +
1.68 +Again, the `tools/init.sh` script will initialise directories for stored and
1.69 +published data. The `tools/config.sh` script should be edited and the group
1.70 +redefined as follows:
1.71 +
1.72 +{{{
1.73 +IMIP_AGENT_GROUP=www-data
1.74 +}}}
1.75 +
1.76 +If already installed, the `/etc/imip-agent/config.sh` script should be edited
1.77 +instead. See the [[../Configuration|configuration guide]] for more information.
1.78 +
1.79 +With local SMTP delivery, the mail system will need to be configured to route
1.80 +messages for local recipients. See the [[../MailIntegration/LocalSMTP|local SMTP]]
1.81 +description of mail configuration for more information.
1.82 +
1.83 +== Updating the Configuration ==
1.84 +
1.85 +Once the necessary decisions have been taken here, the system's
1.86 +[[../Configuration|configuration]] will need updating so that the software and
1.87 +tools will work correctly.
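Review bot: In the LMTP Delivery section, `adduser www-data lmtp` (1.52) puts the Web server into the same group that 1.26-1.27 describe as carrying the local privileges needed to communicate with the mail storage solution, whereas the stated requirement at 1.28 is only that the Web server can read data written by imip-agent's programs. Please either explain why `www-data` needs `lmtp` membership rather than sharing data through the `www-data` group that `imip-agent` already joins at 1.45, or state the wider access as an accepted trade-off. Separately, 1.68 opens with "Again, the `tools/init.sh` script" although this page has no earlier mention of `tools/init.sh`, and the LMTP section gives no matching `IMIP_AGENT_GROUP` setting; add the corresponding paragraph to the LMTP section or drop "Again". The reference at 1.38 to "the section on configuring mail systems for delivery" would also be easier to follow as a link, like the other cross-references in this page.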