* List creation in the perl-admin web interface
@ 2005-06-22  8:54 Christian Laursen
  2005-06-22  9:03 ` Mads Martin Joergensen
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Christian Laursen @ 2005-06-22  8:54 UTC (permalink / raw)
  To: mlmmj

There has been some talk about adding list creation functionality to
the web interface.

Most of the work involved in getting it to work consists of making
mlmmj itself support list creation by preconfigured unprivileged
users.

It will probably require mlmmj-make-ml to be a suid root binary,
preferably only installed suid root if enabled by an option to the
configure script or similar.

Since the unprivileged user can't do any postprocessing on the created
listdir there will have to be some support for running a custom script
to do that. The custom script should also take care of adding an alias
to the mail configuration.

All this would probably be configured in a global configuration file
as the unprivileged user should be trusted as little as possible.

With this in place it should be a walk in the park to add the
functionality to the web interface.

-- 
Christian Laursen


* Re: List creation in the perl-admin web interface
  2005-06-22  8:54 List creation in the perl-admin web interface Christian Laursen
@ 2005-06-22  9:03 ` Mads Martin Joergensen
  2005-06-22  9:12 ` Marcus Rueckert
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Mads Martin Joergensen @ 2005-06-22  9:03 UTC (permalink / raw)
  To: mlmmj

* Christian Laursen <xi@borderworlds.dk> [Jun 22. 2005 10:54]:
> There has been some talk about adding list creation functionality to
> the web interface.
> 
> Most of the work involved in getting it to work consists of making
> mlmmj itself support list creation by preconfigured unprivileged
> users.
> 
> It will probably require mlmmj-make-ml to be a suid root binary,
> preferably only installed suid root if enabled by an option to the
> configure script or similar.

I've been wanting to rewrite mlmmj-make-ml anyway, making it possible to
pass all options for making a list on the commandline. mlmmj-make-ml.sh
is an ugly hack anyway--it was written pre-0.1.0.

> Since the unprivileged user can't do any postprocessing on the created
> listdir there will have to be some support for running a custom script
> to do that. The custom script should also take care of adding an alias
> to the mail configuration.
> 
> All this would probably be configured in a global configuration file
> as the unprivileged user should be trusted as little as possible.
> 
> With this in place it should be a walk in the park to add the
> functionality to the web interface.

And when we have mlmmj-make-ml written proper, the rest seems
achievable. Especially now we can write it with the above in mind.

Any other considerations?

-- 
Mads Martin Joergensen, http://mmj.dk
"Why make things difficult, when it is possible to make them cryptic
 and totally illogical, with just a little bit more effort?"
                                -- A. P. J.


* Re: List creation in the perl-admin web interface
  2005-06-22  8:54 List creation in the perl-admin web interface Christian Laursen
  2005-06-22  9:03 ` Mads Martin Joergensen
@ 2005-06-22  9:12 ` Marcus Rueckert
  2005-06-22  9:15 ` Mads Martin Joergensen
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Marcus Rueckert @ 2005-06-22  9:12 UTC (permalink / raw)
  To: mlmmj

On Wednesday, 22. June 2005 10:54, Christian Laursen wrote:
> There has been some talk about adding list creation functionality to
> the web interface.
>
> Most of the work involved in getting it to work consists of making
> mlmmj itself support list creation by preconfigured unprivileged
> users.
>
> It will probably require mlmmj-make-ml to be a suid root binary,
> preferably only installed suid root if enabled by an option to the
> configure script or similar.

It does not have to be suid root. It could be suid mailinglist/maildrop group,
and the group has write permissions to the mailinglist basedir.

> Since the unprivileged user can't do any postprocessing on the created
> listdir there will have to be some support for running a custom script
> to do that. The custom script should also take care of adding an alias
> to the mail configuration.

You could use a special alias file which is writable by the group too, and
include it in your MTA config. Most distros do that with mailman, e.g.

so long,

darix


* Re: List creation in the perl-admin web interface
  2005-06-22  8:54 List creation in the perl-admin web interface Christian Laursen
  2005-06-22  9:03 ` Mads Martin Joergensen
  2005-06-22  9:12 ` Marcus Rueckert
@ 2005-06-22  9:15 ` Mads Martin Joergensen
  2005-06-22  9:25 ` Christian Laursen
  2005-06-22  9:43 ` Christian Laursen
  4 siblings, 0 replies; 6+ messages in thread
From: Mads Martin Joergensen @ 2005-06-22  9:15 UTC (permalink / raw)
  To: mlmmj

* Marcus Rueckert <mrueckert@suse.de> [Jun 22. 2005 11:12]:
> > There has been some talk about adding list creation functionality to
> > the web interface.
> >
> > Most of the work involved in getting it to work consists of making
> > mlmmj itself support list creation by preconfigured unprivileged
> > users.
> >
> > It will probably require mlmmj-make-ml to be a suid root binary,
> > preferably only installed suid root if enabled by an option to the
> > configure script or similar.
> 
> It does not have to be suid root. It could be suid mailinglist/maildrop group,
> and the group has write permissions to the mailinglist basedir.

Well, the very first thing I'm going to do in the binary anyway is that
in case we're root, privileges will be dropped by changing uid to the
user owning the directory the mailinglist will be created in. This way,
it doesn't matter that every OS out there has a different user for the
mailserver--it'll simply Just Work. Of course they're only going to be
dropped in case we _are_ root.

Just the same way mlmmj-{,un}sub does it.

-- 
Mads Martin Joergensen, http://mmj.dk
"Why make things difficult, when it is possible to make them cryptic
 and totally illogical, with just a little bit more effort?"
                                -- A. P. J.
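
The privilege drop described in the message above, as an added example (not mlmmj's code and not part of the thread): when running as root, switch to the owner of the directory the list will be created in. The function names are hypothetical; refusing a root-owned directory, opening with O_NOFOLLOW and checking that root cannot be regained are assumptions added here.

```c
#define _GNU_SOURCE             /* setgroups(), O_DIRECTORY, O_NOFOLLOW */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy step: choose the ids to run as. 0 = ok, -1 = refuse. */
int pick_target_ids(const struct stat *st, uid_t *uid, gid_t *gid)
{
    if (!S_ISDIR(st->st_mode))
        return -1;              /* not a directory */
    if (st->st_uid == 0 || st->st_gid == 0)
        return -1;              /* "dropping" to root drops nothing */
    *uid = st->st_uid;
    *gid = st->st_gid;
    return 0;
}

/* 1 = privileges dropped, 0 = not root so nothing to do, -1 = refuse. */
int drop_to_dir_owner(const char *dir)
{
    struct stat st;
    uid_t uid;
    gid_t gid;
    int fd, ok;
    if (geteuid() != 0)
        return 0;               /* only drop in case we _are_ root */
    /* fstat() on an open fd: the caller cannot swap the path in between. */
    fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    ok = fd >= 0 && fstat(fd, &st) == 0 && pick_target_ids(&st, &uid, &gid) == 0;
    if (fd >= 0)
        close(fd);
    if (!ok)
        return -1;
    /* Order matters: supplementary groups, then gid, then uid last. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* A drop that can be undone is not a drop: root must be gone for good. */
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid)
        return -1;
    return 1;
}

int main(int argc, char **argv)
{
    int r = drop_to_dir_owner(argc > 1 ? argv[1] : ".");
    printf("drop=%d euid=%d egid=%d\n", r, (int)geteuid(), (int)getegid());
    return r < 0;
}
```

A caller should treat -1 as fatal and exit before touching the filesystem, since it is then still running as root.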


* Re: List creation in the perl-admin web interface
  2005-06-22  8:54 List creation in the perl-admin web interface Christian Laursen
                   ` (2 preceding siblings ...)
  2005-06-22  9:15 ` Mads Martin Joergensen
@ 2005-06-22  9:25 ` Christian Laursen
  2005-06-22  9:43 ` Christian Laursen
  4 siblings, 0 replies; 6+ messages in thread
From: Christian Laursen @ 2005-06-22  9:25 UTC (permalink / raw)
  To: mlmmj

Mads Martin Joergensen <mmj@mmj.dk> writes:

> * Christian Laursen <xi@borderworlds.dk> [Jun 22. 2005 10:54]:
>
> I've been wanting to rewrite mlmmj-make-ml anyway, making it possible to
> pass all options for making a list on the commandline. mlmmj-make-ml.sh
> is an ugly hack anyway--it was written pre-0.1.0.

Ah yes, I forgot about the requirement of a non-interactive mlmmj-make-ml.
 
> And when we have mlmmj-make-ml written proper, the rest seems
> achievable. Especially now we can write it with the above in mind.
> 
> Any other considerations?

I have some ideas about what would be nice to have in the configuration file.
(Although it could be made possible to override those if running as root)

- Unprivileged users who are allowed to make lists (Perhaps just a group)
- Directories in which new listdirs are allowed to be created
- Allowed list domains
- Allowed prepopulated skeleton control dirs
- Allowed custom scripts to run after list creation
- Allowed listtexts directories

Some of this might work better if grouped in profiles.

Nothing more comes to mind at this time.

-- 
Christian Laursen
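
One way a privileged mlmmj-make-ml could enforce the "directories in which new listdirs are allowed to be created" item from the list above, as an added example that is not from the thread or from mlmmj. All function names and the /var/spool/mlmmj base are hypothetical, and the allowed bases are assumed to come from the root-owned global configuration file.

```c
#define _GNU_SOURCE             /* realpath() */
#include <ctype.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Both paths canonical and absolute. 1 if path is base or lies below it. */
int path_within(const char *path, const char *base)
{
    size_t n = strlen(base);
    if (n == 0 || base[0] != '/')
        return 0;
    if (n > 1 && base[n - 1] == '/')
        n--;                        /* tolerate a trailing slash */
    if (strncmp(path, base, n) != 0)
        return 0;
    /* Component boundary: /srv/lists-evil is not inside /srv/lists. */
    return n == 1 || path[n] == '\0' || path[n] == '/';
}

/* The name becomes one directory component: no '/', no leading '.'. */
int valid_list_name(const char *name)
{
    if (name[0] == '\0' || name[0] == '.')
        return 0;
    for (size_t i = 0; name[i]; i++)
        if (!isalnum((unsigned char)name[i]) && !strchr("-_.", name[i]))
            return 0;
    return 1;
}

/* 1 if <parent>/<name> may be created under one of the allowed bases. */
int new_listdir_allowed(const char *parent, const char *name,
                        const char *const *bases, size_t nbases)
{
    char real[PATH_MAX];
    if (!valid_list_name(name) || realpath(parent, real) == NULL)
        return 0;                   /* realpath resolves symlinks and ".." */
    for (size_t i = 0; i < nbases; i++)
        if (path_within(real, bases[i]))
            return 1;
    return 0;
}

int main(void)
{
    const char *bases[] = { "/var/spool/mlmmj" };   /* constructed policy */
    return !new_listdir_allowed("/var/spool/mlmmj", "test", bases, 1);
}
```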


* Re: List creation in the perl-admin web interface
  2005-06-22  8:54 List creation in the perl-admin web interface Christian Laursen
                   ` (3 preceding siblings ...)
  2005-06-22  9:25 ` Christian Laursen
@ 2005-06-22  9:43 ` Christian Laursen
  4 siblings, 0 replies; 6+ messages in thread
From: Christian Laursen @ 2005-06-22  9:43 UTC (permalink / raw)
  To: mlmmj

Marcus Rueckert <mrueckert@suse.de> writes:

> On Wednesday, 22. June 2005 10:54, Christian Laursen wrote:
>
> > It will probably require mlmmj-make-ml to be a suid root binary,
> > preferably only installed suid root if enabled by an option to the
> > configure script or similar.
> 
> It does not have to be suid root. It could be suid mailinglist/maildrop group,
> and the group has write permissions to the mailinglist basedir.

Currently our configuration has control owned by the www user and the
rest of the listdir owned by mlmmj. However I think control could be
owned by mlmmj too if it is made group writable.

> > Since the unprivileged user can't do any postprocessing on the created
> > listdir there will have to be some support for running a custom script
> > to do that. The custom script should also take care of adding an alias
> > to the mail configuration.
> 
> You could use a special alias file which is writable by the group too, and
> include it in your MTA config. Most distros do that with mailman, e.g.

Sure, but can you do it in a way that is general enough to satisfy all
setups? Furthermore we have to be careful not to break old
installations too much.

-- 
Christian Laursen
