File: SystemUsers

imip-agent 0.3-2
= System Users and Filesystem Access =

The data handled by imip-agent needs to be accessible to other software,
notably mail handling software and Web server software. Two approaches to
[[../MailIntegration|e-mail integration]] affect the choice of system users
and groups:

{{{#!table
'''Integration Method''' || '''System Users and Groups''' || '''Suitable for...'''
==
Using a dedicated `lmtp` group
|| `imip-agent` belongs to `lmtp` and `www-data` groups<<BR>>
.. `www-data` also belongs to the `lmtp` group
|| [[../MailIntegration/LMTP|LMTP delivery]] and
.. [[../MailIntegration/LocalSMTP|Local SMTP delivery]]
==
Using an existing group
|| `imip-agent` belongs to the `www-data` group
|| [[../MailIntegration/LocalSMTP|Local SMTP delivery]]
}}}

The corresponding strategies are described in more detail below.

== Using a Dedicated LMTP-Related Group ==

Here, imip-agent's programs can run in a way that permits them to initiate
[[../MailIntegration/LMTP|LMTP delivery]] (requiring suitable local privileges
to communicate with the mail storage solution) whilst allowing the Web server
to read data written by the [[../AgentPrograms|agent programs]].

A system group needs to be created for LMTP delivery and for certain users to
share resources:

{{{
addgroup lmtp
}}}

This group should be employed for LMTP delivery by systems like Cyrus and
Dovecot. See the [[../MailboxIntegration|mail storage guide]] for more
information.

A system user needs to be created and to belong to certain groups in order to
deliver messages to mail stores and to publish resources on the Web:

{{{
useradd -d /var/lib/imip-agent -m -U -G lmtp,www-data -r imip-agent
}}}

Store details and published resources need to be accessible by the `imip-agent`
and `www-data` users. Thus, `www-data` also needs to belong to the `lmtp` group:

{{{
adduser www-data lmtp
}}}

{{{#!wiki tip
This configuration should also work with the
[[../MailIntegration/LocalSMTP|local SMTP delivery]] method: in that case, the
`lmtp` group membership is simply superfluous for the `imip-agent` user. So, if
the use of such a group is not problematic, this approach is a reasonable default choice.
Moreover, there may be a need to create the `lmtp` group, anyway, so that MTAs
can deliver to [[../MailboxIntegration|mail storage solutions]].
}}}

== Using an Existing Group ==

Here, imip-agent's programs run in a way that permits local SMTP delivery
(which merely needs the ability to connect to a local network service) whilst
allowing the Web server to read data written by the
[[../AgentPrograms|agent programs]]. This approach provides a means of keeping
imip-agent separate from mail-related users and groups.

A system user needs to be created and to belong to certain groups in order to
deliver messages to mail stores and to publish resources on the Web:

{{{
useradd -d /var/lib/imip-agent -m -U -G www-data -r imip-agent
}}}

Again, the `tools/init.sh` script will initialise directories for stored and
published data. The `tools/config.sh` script should be edited and the group
redefined as follows:

{{{
IMIP_AGENT_GROUP=www-data
}}}

If already installed, the `/etc/imip-agent/config.sh` script should be edited
instead. See the [[../Configuration|configuration guide]] for more information.

With local SMTP delivery, the mail system will need to be configured to route
messages for local recipients. See the [[../MailIntegration/LocalSMTP|local SMTP]]
description of mail configuration for more information.
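
The memberships required by either approach can be audited after setup. The following is an added example, not part of imip-agent: the function names and the optional group-file argument are assumptions made for illustration, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not part of imip-agent: audit the memberships this page describes.
# The optional FILE argument (group(5) format) is an assumption that allows
# offline checks; real use reads /etc/group.

# in_group USER GROUP [FILE]: succeed if USER is a listed member of GROUP.
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "${3:-/etc/group}"
}

# check_method lmtp|existing [FILE]: report deviations, fail if any are found.
check_method() {
    file=${2:-/etc/group}; problems=0
    case $1 in
        lmtp)     wanted="imip-agent:lmtp imip-agent:www-data www-data:lmtp"; unwanted="" ;;
        existing) wanted="imip-agent:www-data"; unwanted="imip-agent:lmtp" ;;
        *)        echo "unknown method: $1" >&2; return 2 ;;
    esac
    for pair in $wanted; do
        if ! in_group "${pair%%:*}" "${pair#*:}" "$file"; then
            echo "MISSING: ${pair%%:*} is not in group ${pair#*:}"
            problems=$((problems + 1))
        fi
    done
    for pair in $unwanted; do
        if in_group "${pair%%:*}" "${pair#*:}" "$file"; then
            echo "UNNEEDED: ${pair%%:*} is in group ${pair#*:}"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: the "adduser www-data lmtp" step was skipped.
sample=$(mktemp)
printf '%s\n' 'lmtp:x:121:imip-agent' 'www-data:x:33:imip-agent' > "$sample"
check_method lmtp "$sample" || echo "dedicated lmtp group setup is incomplete"
rm -f "$sample"
```

Only supplementary memberships listed in the group file are checked, which matches what `useradd -G` and `adduser USER GROUP` record. For the existing-group method, membership of `lmtp` is reported because that approach is meant to keep imip-agent separate from mail-related groups.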

== Updating the Configuration ==

Once the necessary decisions have been taken here, the system's
[[../Configuration|configuration]] will need updating so that the software and
tools will work correctly.