0

I'm writing a PHP application and I want to be able to add new lists to mailman running on my ubuntu server. For one reason or another, mailman's newlist script requires root privileges. Is there any way that I can get newlist to not require sudo? Obviously I can't just circumvent sudo, but is there any possible way to get this working?

Thanks, Daniel

Daniel Dreier
  • 1

2 Answers2

1

I'm confused as to how you would think that sudo would be an obsticle. You could use specify that for the specific command, and specific userid that NO Password would be required:

  username   all = (root) NOPASSWD: specific-command

If a single, or limited number of commands is unavailable, then script the functionality you want and use that as a sudo command.

Your other alternative is to make the specific commands needed as suid as root. However, depending on the environment you are in could be a security risk.

mdpc
  • 11,856
  • 28
  • 53
  • 67
  • I wasn't entirely sure how to word my question, and apparently I didn't do it well enough. So, what you're suggesting is to add an exception to the sudoers/visudo file? – Daniel Dreier Nov 01 '11 at 17:43
0

root privileges?

At least on Debian (which Ubuntu is based on) Mailman is running as list user and group by default, and when I manage lists from shell I'm logged in as list user.

I think adding your Apache user to list group should be enough.

For better security, you might also use something like suPHP and run your list management user as list user, and let other scripts to be run by some other user.

Janne Pikkarainen
  • 31,852
  • 4
  • 58
  • 81