= System Users and Filesystem Access =

The data handled by imip-agent needs to be accessible to other software,
notably mail handling software and Web server software. Two approaches to
[[../MailIntegration|e-mail integration]] affect the choice of system users
and groups:

{{{#!table
'''Integration Method''' || '''System Users and Groups''' || '''Suitable for...'''
==
Using a dedicated `lmtp` group
|| `imip-agent` belongs to `lmtp` and `www-data` groups<<BR>>
.. `www-data` also belongs to the `lmtp` group
|| [[../MailIntegration/LMTP|LMTP delivery]] and
.. [[../MailIntegration/LocalSMTP|Local SMTP delivery]]
==
Using an existing group
|| `imip-agent` belongs to the `www-data` group
|| [[../MailIntegration/LocalSMTP|Local SMTP delivery]]
}}}

The corresponding strategies are described in more detail below.

== Using a Dedicated LMTP-Related Group ==

Here, imip-agent's programs can run in a way that permits them to initiate
[[../MailIntegration/LMTP|LMTP delivery]] (requiring suitable local privileges
to communicate with the mail storage solution) whilst allowing the Web server
to read data written by the [[../AgentPrograms|agent programs]].

A system group needs to be created for LMTP delivery and for certain users to
share resources:

{{{
addgroup lmtp
}}}

This group should be employed for LMTP delivery by systems like Cyrus and
Dovecot. See the [[../MailboxIntegration|mail storage guide]] for more
information.

A system user needs to be created and to belong to certain groups in order to
deliver messages to mail stores and to publish resources on the Web:

{{{
useradd -d /var/lib/imip-agent -m -U -G lmtp,www-data -r imip-agent
}}}

Store details and published resources need to be accessible by the `imip-agent`
and `www-data` users.
Thus, `www-data` also needs to belong to the `lmtp` group:

{{{
adduser www-data lmtp
}}}

{{{#!wiki tip
This configuration should also work with the
[[../MailIntegration/LocalSMTP|local SMTP delivery]] method, because the `lmtp`
group membership will be superfluous for the `imip-agent` user. So, if the use
of such a group is not problematic, this approach is a reasonable default choice.
Moreover, there may be a need to create the `lmtp` group, anyway, so that MTAs
can deliver to [[../MailboxIntegration|mail storage solutions]].
}}}

== Using an Existing Group ==

Here, imip-agent's programs run in a way that permits local SMTP delivery
(which merely needs the ability to connect to a local network service) whilst
allowing the Web server to read data written by the
[[../AgentPrograms|agent programs]]. This approach provides a means of keeping
imip-agent separate from mail-related users and groups.

A system user needs to be created and to belong to certain groups in order to
deliver messages to mail stores and to publish resources on the Web:

{{{
useradd -d /var/lib/imip-agent -m -U -G www-data -r imip-agent
}}}

Again, the `tools/init.sh` script will initialise directories for stored and
published data. The `tools/config.sh` script should be edited and the group
redefined as follows:

{{{
IMIP_AGENT_GROUP=www-data
}}}

If already installed, the `/etc/imip-agent/config.sh` script should be edited
instead. See the [[../Configuration|configuration guide]] for more information.

With local SMTP delivery, the mail system will need to be configured to route
messages for local recipients. See the [[../MailIntegration/LocalSMTP|local SMTP]]
description of mail configuration for more information.
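
The group memberships required by the two approaches above can be audited
with a short script. This is an added example, not part of imip-agent or its
tools: the function names are hypothetical, and the input is assumed to be a
file in `/etc/group` format, such as saved output of `getent group`.

```shell
#!/bin/sh
# Added example (not imip-agent code): audit the memberships this page requires.
# Usage: getent group > groups.txt; audit_groups lmtp groups.txt
# Only supplementary membership (the fourth field of each group entry) is
# checked, which is what `useradd -G` and `adduser USER GROUP` set.

# in_group USER GROUP FILE -> exit status 0 if USER is listed in GROUP
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$3"
}

# audit_groups METHOD FILE -> prints findings, returns the number of problems
# METHOD: "lmtp" (dedicated lmtp group) or "existing" (www-data group only)
audit_groups() {
    method=$1 file=$2 problems=0
    need() {  # need USER GROUP: report a required membership that is absent
        if ! in_group "$1" "$2" "$file"; then
            echo "MISSING: $1 is not in group $2"
            problems=$((problems + 1))
        fi
    }
    need imip-agent www-data          # required by both approaches
    case $method in
        lmtp)
            need imip-agent lmtp      # agent programs initiate LMTP delivery
            need www-data lmtp        # Web server reads store and published data
            ;;
        existing)
            # Membership is superfluous here; report it so that the agent can
            # be kept separate from mail-related groups if that is the aim.
            if in_group imip-agent lmtp "$file"; then
                echo "NOTE: imip-agent is in lmtp, which local SMTP delivery does not need"
            fi
            ;;
        *)
            echo "unknown method: $method" >&2
            return 64
            ;;
    esac
    return "$problems"
}
```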

== Updating the Configuration ==

Once the necessary decisions have been taken here, the system's
[[../Configuration|configuration]] will need updating so that the software and
tools will work correctly.