user your MTA runs. If you run postfix, the user is specified by the
main.cf parameter "default_privs".
- We suggest you to use
+ we suggest you to use
MAIL_AGENT=/usr/sbin/sendmail
MAIL_AGENT_ARGS=-t
+ as optional parameters, you can also set
+
+ USER= user that runs firma (usually the same as your MTA user);
+ defaults to "nobody"; you can also specify this parameter
+ in each mailing list config file if you plan to have one
+ user per mailing list
+
+ GROUP= group that runs firma (usually the same as your MTA group);
+ defaults to "nogroup"; you can also specify this parameter
+ in each mailing list config file if you plan to have one
+ group per mailing list
+
+ LOG_TO_SYSLOG= set to "1" to log errors and warnings to syslog, else firma
+ will print errors to STDERR
+
+ LOGGER_BINARY= if logging to syslog, set the path to logger's binary
+
+ SYSLOG_PRIORITY= if logging to syslog, set a priority for the error messages
+ (defaults to "user.err")
+
+ USE_GPG_HIDDEN_RECIPIENT_OPTION= set to '1' to use GnuPG's --hidden-recipient
+ option, available from version 1.4.0 onwards
+ (try 'man gpg' for more information)
+
+ REMOVE_THESE_HEADERS_ON_ALL_LISTS= headers that should be stripped from list
+ messages on all lists running under firma
+ (space separated case-insensitive entries)
+ (may include regexps (e.g., X-.*)
+
4 - then create your lists with the command
firma -c your-list
the owner of the config file and keyring should be nobody.nobody
(or the user your MTA run as) and its permissions must be 600.
+ after it you can add some optional parameters on this list config file:
+
+ SUBJECT_PREFIX= prefix to be included in the subject of list messages
+
+ REMOVE_THESE_HEADERS= headers that should be stripped from list messages
+ (space separated case-insensitive entries)
+ (may include regexps (e.g., X-.*)
+
+ REPLIES_SHOULD_GO_TO_LIST= set to '1' to add a Reply-To header containing the
+ list address
+
+ SILENTLY_DISCARD_INVALID_MESSAGES= set to '1' to silently discard invalid
+ messages (message not signed/encrypted,
+ sender not subscribed to the list, etc.)
+ instead of sending bounces back to sender
+
5 - create an alias to the list at your MTA; on sendmail or postfix,
add this to your aliases file:
alternatively, you can use a virtual ...
- 6 - admin tasks are performed through your-list-request@yourmachine or
- via command-line:
+ 6 - admin tasks are performed through your-list-request@yourmachine (currently
+ not implemente) or via command-line:
firma -a your-list
subscribe key-id pubkey from file or keyserver (currently not
implemented)
- unsure email-address
+ unsub email-address
unsubscribe all keys with email-address IDs (currently not
implemented)
#
# And it may contain the following optional parameters:
#
+# USER= user that runs firma (usually the same as your MTA user);
+# defaults to "nobody"; you can also specify this parameter
+# in each mailing list config file if you plan to have one
+# user per mailing list
+# GROUP= group that runs firma (usually the same as your MTA group);
+# defaults to "nogroup"; you can also specify this parameter
+# in each mailing list config file if you plan to have one
+# group per mailing list
# LOG_TO_SYSLOG= set to "1" to log errors and warnings to syslog, else firma
# will print errors to STDERR
# LOGGER_BINARY= if logging to syslog, set the path to logger's binary
fi
fi
+ if [ -z "$USER" ]; then
+ USER="nobody"
+ fi
+
+ if [ -z "$GROUP" ]; then
+ GROUP="nobody"
+ fi
+
return $return_code
}
echo "Creating folder $LIST_PATH..."
if mkdir "$LIST_PATH"; then # || (echo "$(basename $0): error creating $LIST_PATH: installation aborted"; exit 1)
- echo "creating list config file and will ask some questions."
+ echo "Creating list config file and will ask some questions."
read -rep " List keyring location: ("$LIST_PATH") " LIST_HOMEDIR
LIST_HOMEDIR=${LIST_HOMEDIR:-"$LIST_PATH"}
- # NAO USAR UTF-8 (VER DETAILS)
+ # Dont use UTF-8 (look at DETAILS)
read -rep " List email address: " LIST_ADDRESS
read -rep " List administrator(s) email address(es) (space delimited): " LIST_ADMIN
read -rep " List description (optional): " DESCRIPTION
read -resp " Passphrase to protect the list's secret key: " PASSPHRASE
- # todo: key specs (size, expiry date...)
+ # TODO: key specs (size, expiry date...)
- echo "creating your config..."
+ echo "Creating your config..."
touch $LIST_CONFIG_FILE
- chown root.root $LIST_CONFIG_FILE
chmod 600 $LIST_CONFIG_FILE
+ chown $USER.$GROUP $LIST_CONFIG_FILE
if [ -f "$LIST_CONFIG_FILE" ]; then
DeclareGpgVars
# removed: MAIL_AGENT=$MAIL_AGENT\nGPG_BINARY=$GPG_BINARY\n
- echo -e "LIST_HOMEDIR=$LIST_HOMEDIR\nLIST_ADDRESS=$LIST_ADDRESS\nLIST_ADMIN=$LIST_ADMIN\nPASSPHRASE=$PASSPHRASE" > $LIST_CONFIG_FILE
- echo "now generating your keyring..."
+ echo -e "LIST_HOMEDIR=\'$LIST_HOMEDIR\'\nLIST_ADDRESS=\'$LIST_ADDRESS\'\nLIST_ADMIN=\'$LIST_ADMIN\'\nPASSPHRASE=\'$PASSPHRASE\'" > $LIST_CONFIG_FILE
+ echo "Now generating your keyring..."
$GPG --gen-key <<EOF
EOF
+ chown -R $USER.$GROUP $LIST_HOMEDIR
+
else
echo "$(basename $0): cannot create $LIST_PATH: Installation aborted"
return_code=1
return_code=1
fi
- return return_code
+ return $return_code
}
return $return_code
}
+
+function CheckPermission {
+ #-------------------------------------------------------------
+ # check if file has correct permissions (600) and also
+ # + if the file is owned by $USER
+ # +got the idea for this function from backupninja
+ #
+ # parameter(s): file name
+ # depends on function(s): none
+ # returns: 0 if file has correct permissions
+ # 1 if not, and also print a warning message
+ #-------------------------------------------------------------
+
+ local file="$1"
+ local perms="`ls -ld $file`"
+ perms=${perms:4:6}
+ if [ "$perms" != "------" ]; then
+ ERROR_MESSAGE="WARNING: Configuration files must not be group or world writable/readable! Dying on file $file"
+ echo $ERROR_MESSAGE
+ if [[ "$LOG_TO_SYSLOG" == 1 ]]; then
+ echo "$ERROR_MESSAGE" | $LOGGER_BINARY -p "$SYSLOG_PRIORITY" -t "$BASENAME"
+ fi
+ return 1
+ fi
+
+ if [ `ls -ld $file | awk '{print $3}'` != "$USER" ]; then
+ echo "WARNING: Configuration files must be owned by $USER! Dying on file $file"
+ fi
+
+ return 0
+}
+
+
+function CheckListPermissions {
+ #-------------------------------------------------------------
+ # check if list files has correct permissions (600) and also
+ # + if the files are owned by $USER
+ #
+ # parameter(s): list config file
+ # depends on function(s): CheckPermission
+ # returns: 0 if file has correct permissions
+ # 1 if not, and also print a warning message
+ #-------------------------------------------------------------
+
+ local file
+ local folder
+ local config
+
+ # check and fix permissions on all files from $LIST_PATH to $USER.$GROUP
+ if [ ! -z "$1" ]; then
+ folder="`basedir $1`"
+ config="`basename $1`"
+ for file in $config pubring.gpg pubring.gpg~ random_seed secring.gpg trustdb.gpg; do
+ if CheckPermission $folder/$file; then
+ echo "Fixing permission and ownership for $folder/$file"
+ chmod 600 $folder/$file
+ chown $USER.$GROUP $folder/$file
+ fi
+ done
+ fi
+}
+
#-------------------------------------------------------------
# main()
#-------------------------------------------------------------
MESSAGE_HEADERS MESSAGE_BODY
MESSAGE
FUNCTION FUNCTIONS
- GLOBAL_VARS VAR"
+ GLOBAL_VARS VAR
+ USER
+ GROUP
+ BASENAME"
FUNCTIONS="
Usage
ProcessMessage
NewList
ListAdministration
- ChooseUid"
+ ChooseUid
+ CheckPermission
+ CheckListPermissions"
for VAR in $GLOBAL_VARS; do
declare $VAR
# set initial exit code
EXIT_CODE=0
+# set program name
+BASENAME="`basename $0`"
+
# command line parsing:
# first check number of arguments, then check what was entered
# start main case
esac
;;
2)
+ # if firma.conf exists but has wrong permissions or ownership
+ if [ -f "$FIRMA_CONFIG_FILE" ] && ! CheckPermission $FIRMA_CONFIG_FILE; then
+ EXIT_CODE="1"
# if firma.conf exists
- if [ -f "$FIRMA_CONFIG_FILE" ]; then
+ elif [ -f "$FIRMA_CONFIG_FILE" ]; then
# evaluate its parameters
shopt -u sourcepath && source "$FIRMA_CONFIG_FILE"
# options that depend on the list configuration file
-a|--admin-task|-p|--process-message)
- # if the configuration file exists, disable bash's
- #+sourcepath and evaluate list parameters
- if [[ -f "$LIST_CONFIG_FILE" ]]; then
+ # if config file exists but has wrong permissions or ownership
+ if [[ -f "$LIST_CONFIG_FILE" ]] && ! CheckPermission $LIST_CONFIG_FILE; then
+ EXIT_CODE="1"
+ elif [[ -f "$LIST_CONFIG_FILE" ]]; then
+
+ # if the configuration file exists, disable bash's
+ #+sourcepath and evaluate list parameters
shopt -u sourcepath && source "$LIST_CONFIG_FILE"
+ CheckListPermissions $LIST_CONFIG_FILE
+
# get gpg parameters
DeclareGpgVars
# print/log error message, if any
if [[ -n "$ERROR_MESSAGE" ]]; then
if [[ "$LOG_TO_SYSLOG" == 1 ]]; then
- echo "$ERROR_MESSAGE" | $LOGGER_BINARY -p "$SYSLOG_PRIORITY" -t "$(basename $0)"
+ echo "$ERROR_MESSAGE" | $LOGGER_BINARY -p "$SYSLOG_PRIORITY" -t "$BASENAME"
else
echo >&2 "$(basename $0): $ERROR_MESSAGE"
fi
projects / firma.git / commitdiff