# HG changeset patch # User Paul Boddie # Date 1422723269 -3600 # Node ID 4a1cb2084a0ebb3a1c50b580fa0105c2eb18af68 # Parent eeee9e698b237b1414d6de4ddc5506ff0284a87b Changed group membership, making imip-agent and www-data members of the lmtp group, so that Postfix can have that group as its one-and-only group that can be active when running a process using the pipe daemon (whereas Exim permits initgroups to be used and thus allows imip-agent to be a member of www-data and lmtp at the same time). diff -r eeee9e698b23 -r 4a1cb2084a0e README.txt --- a/README.txt Sat Jan 31 17:51:16 2015 +0100 +++ b/README.txt Sat Jan 31 17:54:29 2015 +0100 
@@ -17,23 +17,33 @@ System User and Filesystem Access --------------------------------- +A system group needs to be created for LMTP delivery and for certain users to +share resources: + + addgroup lmtp + +This group should be employed for LMTP delivery by systems like Cyrus and +Dovecot. See the section on configuring mail systems for delivery for more +information. + A system user needs to be created and to belong to certain groups in order to deliver messages to mail stores and to publish resources on the Web: useradd -d /var/lib/imip-agent -m -U -G lmtp,www-data -r imip-agent -If the lmtp group does not exist, it should be created and be employed for -LMTP delivery to systems like Cyrus and Dovecot. +Store details and published resources need to be accessible by the imip-agent +and www-data users. Thus, www-data also needs to belong to the lmtp group: -Store details and published resources need to be accessible by the imip-agent -and www-data users: + adduser www-data lmtp + +Stored and published data is then initialised as follows: mkdir /var/lib/imip-agent/store /var/lib/imip-agent/preferences mkdir /var/www/imip-agent/static chown imip-agent /var/lib/imip-agent/store /var/lib/imip-agent/preferences chown imip-agent /var/www/imip-agent/static - chgrp www-data /var/lib/imip-agent/store /var/lib/imip-agent/preferences - chgrp www-data /var/www/imip-agent/static + chgrp lmtp /var/lib/imip-agent/store /var/lib/imip-agent/preferences + chgrp lmtp /var/www/imip-agent/static chmod g+ws /var/lib/imip-agent/store /var/lib/imip-agent/preferences chmod g+ws /var/www/imip-agent/static 
@@ -46,8 +56,8 @@ chgrp -R imip-agent /var/lib/imip-agent chown -R imip-agent /var/lib/imip-agent/store /var/lib/imip-agent/preferences chown -R imip-agent /var/www/imip-agent/static - chgrp -R www-data /var/lib/imip-agent/store /var/lib/imip-agent/preferences - chgrp -R www-data /var/www/imip-agent/static + chgrp -R lmtp /var/lib/imip-agent/store /var/lib/imip-agent/preferences + chgrp -R lmtp /var/www/imip-agent/static chmod -R g+w /var/lib/imip-agent/store /var/lib/imip-agent/preferences chmod -R g+w /var/www/imip-agent/static @@ -173,6 +183,16 @@ configured to provide a Unix domain socket offering support for LMTP connections. +For Cyrus, the following bug report is pertinent: + +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494746 + +A permanent change in permissions on the Cyrus LMTP socket is therefore +required to make delivery available to the lmtp group: + + dpkg-statoverride --force --update --add \ + cyrus lmtp 750 /var/run/cyrus/socket + Prerequisites ------------- diff -r eeee9e698b23 -r 4a1cb2084a0e conf/postfix/master.cf.items --- a/conf/postfix/master.cf.items Sat Jan 31 17:51:16 2015 +0100 +++ b/conf/postfix/master.cf.items Sat Jan 31 17:54:29 2015 +0100 @@ -1,9 +1,9 @@ imip_resources unix - n n - - pipe - flags=FR user=imip-agent argv=/var/lib/imip-agent/imip_resource.py + flags=FR user=imip-agent:lmtp argv=/var/lib/imip-agent/imip_resource.py -o ${original_recipient} -r ${recipient} imip_people unix - n n - - pipe flags=FR user=imip-agent:lmtp argv=/var/lib/imip-agent/imip_person.py -o ${original_recipient} -r ${recipient} -l $lmtp_socket imip_people_outgoing unix - n n - - pipe - flags=FR user=imip-agent argv=/var/lib/imip-agent/imip_person_outgoing.py + flags=FR user=imip-agent:lmtp argv=/var/lib/imip-agent/imip_person_outgoing.py -O
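Review bot: In the README.txt hunk at @@ -17,23 +17,33 @@, `adduser www-data lmtp` puts the web server account in the same group that the later `dpkg-statoverride ... cyrus lmtp 750 /var/run/cyrus/socket` step grants access to the Cyrus socket path, so www-data gains LMTP delivery access as a side effect of sharing the store. The README should state this trade-off next to the adduser line. Since the commit message says Exim can use initgroups, it is worth noting that only Postfix sites need the single shared group. The unchanged `useradd ... -G lmtp,www-data` line also still makes imip-agent a member of www-data; with every shared directory now moved to lmtp, either explain why that membership is still needed or drop it.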
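Review bot: In the README.txt hunk at @@ -46,8 +56,8 @@, `chgrp -R lmtp` combined with the existing `chmod -R g+w` makes the store, the preferences and /var/www/imip-agent/static writable by every member of lmtp, a group the text added earlier in this patch also assigns to LMTP delivery for Cyrus and Dovecot. Please document which accounts are expected to be in lmtp, so that an administrator can see that any of them will be able to modify stored data and published web resources. If this block is meant to be re-run on an existing installation, it should also mention `adduser www-data lmtp`, because www-data loses its group access to these paths once they move from www-data to lmtp.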
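Review bot: In the README.txt hunk at @@ -173,6 +183,16 @@, the sentence describes a change of permissions "on the Cyrus LMTP socket" while the command applies mode 750 to /var/run/cyrus/socket; please say explicitly whether that path is the socket itself or the directory holding it, since the mode only reads naturally for a directory. The use of `--force` also deserves a sentence: it replaces any override already registered for that path without warning, so the README should say why it is needed and how to undo the change (`dpkg-statoverride --remove /var/run/cyrus/socket`). A one-line summary of the linked Debian bug would let the section stand on its own if the link stops resolving.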
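Review bot: In the conf/postfix/master.cf.items hunk, imip_resources and imip_people_outgoing now run as `user=imip-agent:lmtp` although, unlike imip_people, neither passes `-l $lmtp_socket`, so the group is there for shared store access and not for delivery. A comment line above these entries should say so, otherwise a later reader may treat the `:lmtp` suffix as a copy-paste leftover and remove it, or may not realise that these two handlers now also carry access to the LMTP socket. If the handlers never need to read files created by www-data, consider leaving them without the group so that only imip_people holds delivery rights.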