324 lines
14 KiB
Text
324 lines
14 KiB
Text
|
$Id: README,v 1.2 2000/09/25 17:57:21 guy Exp $
|
||
|
|
||
|
=================
|
||
|
| ezmlm-web-2.1 |
|
||
|
=================
|
||
|
|
||
|
Contents
|
||
|
========
|
||
|
I. Copyright Stuff
|
||
|
II. Some Background
|
||
|
III. Requirements
|
||
|
IV. Files
|
||
|
V. Installation
|
||
|
VI. Notes
|
||
|
VII. Multi-level list access
|
||
|
VIII. Language Portability
|
||
|
IX. Bugs && Bug Reports
|
||
|
X. Acknowledgements
|
||
|
XI. Availability
|
||
|
|
||
|
|
||
|
I. Copyright Stuff - essentially the FreeBSD licence ...
|
||
|
==================
|
||
|
ezmlm-web - version 2.1 - 25/09/2000
|
||
|
|
||
|
Copyright (C) 1998, Guy Antony Halse, All Rights Reserved.
|
||
|
Please send bug reports and comments to guy-ezmlm@rucus.ru.ac.za
|
||
|
|
||
|
Redistribution and use in source and binary forms, with or without
|
||
|
modification, are permitted provided that the following conditions are met:
|
||
|
|
||
|
Redistributions of source code must retain the above copyright notice, this
|
||
|
list of conditions and the following disclaimer.
|
||
|
|
||
|
Redistributions in binary form must reproduce the above copyright notice,
|
||
|
this list of conditions and the following disclaimer in the documentation
|
||
|
and/or other materials provided with the distribution.
|
||
|
|
||
|
Neither name Guy Antony Halse nor the names of any contributors may be used
|
||
|
to endorse or promote products derived from this software without specific
|
||
|
prior written permission.
|
||
|
|
||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
|
||
|
IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
|
||
|
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||
|
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
|
||
|
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||
|
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||
|
POSSIBILITY OF SUCH DAMAGE.
|
||
|
|
||
|
II. Some Background
|
||
|
===================
|
||
|
The need for ezmlm-web arose from the fact that we host many student
|
||
|
societies on our system. These societies usually have a virtual host for web
|
||
|
and email, which is administered by a computer rep from the society. These
|
||
|
computer reps often have little or no knowledge of Unix and so we needed a
|
||
|
user friendly system that would let the create and maintain mailing lists
|
||
|
(such as members@foo.soc.ru.ac.za, committee@foo.soc.ru.ac.za, etc).
|
||
|
|
||
|
Since I am never keen to re-invent the wheel, I had a look at Steve Peterson's
|
||
|
script (http://virtation.com/qmail/ml-sub), which allows people to subscribe
|
||
|
and unsubscribe from mailing lists using a form->email gateway. This is fine
|
||
|
for putting on a web page saying "here come and join our mailing list", but
|
||
|
doesn't really allow you to administrate a list.
|
||
|
|
||
|
Security of mailing lists was a concern, as we really didn't want
|
||
|
unauthorised people to be able to alter some users list. Ezmlm-web itself
|
||
|
implements no security checks (apart from un-tainting input) and so relies
|
||
|
on the web server to do this (re-inventing the wheel again :). We use an
|
||
|
Apache webserver, so one can control access to a directory using a .htaccess
|
||
|
file or in the access.conf file. ApacheWeek have a good article on doing
|
||
|
this at http://www.apacheweek.com/features/userauth. I also give examples
|
||
|
later in this document.
|
||
|
|
||
|
This version of ezmlm-web (2.0) is based to a large extent on previous
|
||
|
versions that I have developed. It has however been totally re-written to
|
||
|
make use of the Mail::Ezmlm perl module I wrote. At the same time it was
|
||
|
updated and extended to include the new features of ezmlm-idx. It includes
|
||
|
many new features that have been suggested to me over the last few months,
|
||
|
and hopefully is now useful to a much larger group of people.
|
||
|
|
||
|
III. Requirements
|
||
|
=================
|
||
|
This version of ezmlm-web requires the following;
|
||
|
|
||
|
* qmail v1.03
|
||
|
* ezmlm v0.53 (idx v0.40)
|
||
|
* Perl v5.004 and the following modules;
|
||
|
+ Mail::Ezmlm v0.03
|
||
|
+ Mail::Address v1.15
|
||
|
+ CGI v2.6
|
||
|
+ CGI::Carp v1.06
|
||
|
+ DB_File v1.65
|
||
|
+ Getopt::Std v4.1
|
||
|
+ File::Find v?
|
||
|
+ File::Copy v2.02
|
||
|
|
||
|
The version number indicates the version of the module that ezmlm-web was
|
||
|
developed with. Earlier versions may work, but then they haven't been
|
||
|
tested. Have a look on http://www.CPAN.org/, http://www.qmail.org/, and
|
||
|
http://www.ezmlm.org/ for anything you are missing.
|
||
|
|
||
|
IV. Files
|
||
|
=========
|
||
|
In this distribution you should find 8 files;
|
||
|
|
||
|
README This file. Provides some background information, notes on
|
||
|
installation, etc. Not needed to run ezmlm-web.
|
||
|
|
||
|
CHANGES The change history. Not needed to run ezmlm-web
|
||
|
|
||
|
TODO This file is a list of things I intend doing in future
|
||
|
versions of ezmlm-web. That is if there are any future
|
||
|
versions :) Not needed to run ezmlm-web.
|
||
|
|
||
|
ezmlm-web.cgi The ezmlm-web script proper. This program requires that
|
||
|
you have perl5 installed on your machine and that your web
|
||
|
server is capable of running CGI scripts.
|
||
|
|
||
|
index.c A C wrapper to allow ezmlm-web.cgi to run suid. Not
|
||
|
strictly necessary if your setup allows perl scripts to
|
||
|
run suid, but I prefer using wrappers anyway. It needs to
|
||
|
be edited and compiled to suit your system. Not needed to
|
||
|
run ezmlm-web.
|
||
|
|
||
|
htaccess.sample A sample Apache .htaccess file for controlling access to
|
||
|
the mailing lists. If you use another web server, you will
|
||
|
have to work this bit out for yourself.
|
||
|
|
||
|
webusers.sample A sample webusers file for multi-level access control.
|
||
|
|
||
|
V. Installation
|
||
|
===============
|
||
|
1. Copy ezmlm-web.cgi to some publically readable directory. It does not
|
||
|
have to be in a path accessible to your web server, but any user with a
|
||
|
mailing list must be able to run it (Check the read and execute rights
|
||
|
on both the file and directory). We put our copy in
|
||
|
/usr/local/bin ...
|
||
|
|
||
|
3. Edit the ezmlmwebrc file and alter the variables at the top to suit
|
||
|
your particular system. In particular, you will probably have to change
|
||
|
the $ENV{'PATH'} variable. Be particularly careful about what you set
|
||
|
as the path. Too much is a security risk and too little will cause the
|
||
|
script to malfunction. Version 2.0 requires that the following programs
|
||
|
be accessible in your path; mv, rm
|
||
|
|
||
|
Also be careful about the $LIST_DIR variable. This script assumes that
|
||
|
all users store their mailing lists in the same sub directory of the
|
||
|
home directory (eg ~/lists). You can override this for an individual
|
||
|
user by recompiling the C wrapper to call ezmlm-web.cgi with a -d
|
||
|
option.
|
||
|
|
||
|
Other configurable options are documented in the ezmlmwebrc file
|
||
|
itself. I have tried to keep the amount of information that you need to
|
||
|
supply to a minimum and also make reasonable guesses about default
|
||
|
values.
|
||
|
|
||
|
4. Edit the index.c file and change the path to the path of your copy
|
||
|
of ezmlm-web.cgi. Then compile this file. You can do this by issuing
|
||
|
the command; gcc -o index.cgi index.c
|
||
|
|
||
|
5. For every user/virtual host that needs to manage mailing lists, you
|
||
|
need to create a SUID (user not root!!) copy of index.cgi (see
|
||
|
chmod(1) for details). These need to reside somewhere accessible by
|
||
|
the web server. I suggest that you put them in a sub directory (see
|
||
|
about security) of each user/virtual host's home directory (eg
|
||
|
/home/luser/public_html/ezmlm for Apache on Redhat).
|
||
|
|
||
|
The copies don't actually have to be called index.cgi, but it is nice
|
||
|
for web servers that can resolve a cgi script as an index page (see the
|
||
|
srm.conf file in Apache). It is important to make sure that whichever
|
||
|
directory you choose to put them can i: Execute CGI Scripts and ii: Be
|
||
|
access controlled (here I mean both web and user access) by some method
|
||
|
(eg .htaccess, access.conf for Apache).
|
||
|
|
||
|
6. Install some method of securing access to the page. The following
|
||
|
information is applicable to Apache web servers ... Detailed
|
||
|
information on user authentication can be obtained from the Apache
|
||
|
documentation (http://www.apache.org) and ApacheWeek
|
||
|
(http://www.apacheweek.com/features/userauth)
|
||
|
|
||
|
6.1 Ensure that your Apache setup will allow .htaccess file to control
|
||
|
access in the directory that contains. This is controlled by the
|
||
|
AllowOverride tag in access.conf. (Also ensure you have the
|
||
|
necessary Apache modules installed)
|
||
|
|
||
|
6.2 Create a htpasswd file. This is done using the htpasswd command that
|
||
|
comes with Apache. Its command line syntax is;
|
||
|
htpasswd [-c] passwordfile username
|
||
|
|
||
|
You need to put the passwordfile somewhere that is not accessible by
|
||
|
people through the web, and create an entry for each user you want
|
||
|
to have access ... See the ApacheWeek article for more details.
|
||
|
|
||
|
6.3 Create a .htaccess file in the directory that contains index.cgi.
|
||
|
Note that using Apache's built in access control, you can only control
|
||
|
access to directories, not individual files, hence the need for a
|
||
|
sub-directory in step 5.
|
||
|
|
||
|
The format of the .htaccess file should be along the lines of this;
|
||
|
|
||
|
AuthName EZ Mailing List Manager
|
||
|
AuthType Basic
|
||
|
AuthUserFile /path/to/passwordfile
|
||
|
require valid-user # or require user username
|
||
|
|
||
|
Again, see the ApacheWeek article for details.
|
||
|
|
||
|
7. Test the installation through the web. You should be asked for a
|
||
|
username and password (supplied in 6.2) and then be presented with a
|
||
|
screen entitled EZ Mailing List Manger. You can then try to create and
|
||
|
edit mailing lists ... Have Fun :)
|
||
|
|
||
|
VI. Notes
|
||
|
=========
|
||
|
* There is a function to delete mailing lists, but I really don't like the
|
||
|
idea. The only reason I put it in is that bvi@rucus asked for it.
|
||
|
If you set $UNSAFE_RD = 0 (the default) in the config section, the
|
||
|
ezmlm-web won't actually delete the list. In this case it moves the <list>
|
||
|
to .<list> and all the associated .qmail files to a sub-directory called
|
||
|
deleted.qmail/ (In the users home directory. This is by far a safer way
|
||
|
(since you can restore lists) and therefore I recommend it.
|
||
|
|
||
|
* The HTML interface has been tested using Nutscrape, Internet Exploder, and
|
||
|
Lynx. If anyone uses anything else and has problems, please let me know.
|
||
|
|
||
|
* I suggest that you make use of custom ezmlmwebrc files rather than using
|
||
|
the -d command line switches - it makes fault diagnosis easier ...
|
||
|
|
||
|
* Please see the section on languages below.
|
||
|
|
||
|
VII. Multi-Level Access
|
||
|
=======================
|
||
|
Ezmlm-web has a multi-level access system. This depends on a file called
|
||
|
webusers being present in $LIST_DIR. If the file is not present, then any
|
||
|
valid user has access to all lists. If, however, this file exists a number
|
||
|
of constraints come into place.
|
||
|
|
||
|
- The webusers file is scanned for either the list name (case insensitive) or
|
||
|
an ALL (case sensitive) entry.
|
||
|
- The list entry (or ALL) is scanned for the current user (as set in
|
||
|
$REMOTE_USER) or an ALL entry.
|
||
|
- If any valid match is made, then the user is allowed to edit the list.
|
||
|
Otherwise the user is politely told to go away ;-)
|
||
|
|
||
|
If list creation is allowed and the webusers file exists, then the person who
|
||
|
creates the list is the default owner. As of yet there is no way to add users
|
||
|
through the web interface, but I intend to do this eventually.
|
||
|
|
||
|
The format of a webusers file is as follows;
|
||
|
|
||
|
list1: user1, user2, user3
|
||
|
ALL: user1, user2
|
||
|
list2: ALL
|
||
|
|
||
|
ie; listname colon (:) and a comma (,) separated list of users. Spaces are
|
||
|
ignored but each list must appear on a new line.
|
||
|
|
||
|
Once this file exists, the ezmlm-web script will allow the list users to
|
||
|
configure their access lists along with any other options.
|
||
|
|
||
|
Oh, and BTW, list creation through the web can now be disabled. The way to do
|
||
|
this is to compile the wrapper calling ezmlm-web.cgi with a -c switch. See the
|
||
|
example index.c file for more details.
|
||
|
|
||
|
VIII. Language Portablity
|
||
|
=========================
|
||
|
One of the great new features of version 2.0 is that it is essentially
|
||
|
language independant (okay, not quite, but is 99% of the way there). Most of
|
||
|
the fixed strings, help, etc is defined in the RC file and thus can be
|
||
|
altered to suite a particular locale, language or even your own taste.
|
||
|
|
||
|
If anyone gets round to writing full templates for languages I would
|
||
|
appreciate it if you would do two things;
|
||
|
|
||
|
Firstly, make them public and announce them on the ezmlm@lists.cr.yp.to
|
||
|
mailing list so that others may benefit.
|
||
|
|
||
|
Secondly, please mail me a copy (guy-ezmlm@rucus.ru.ac.za) so that I may use
|
||
|
them in any future releases of ezmlm-web.
|
||
|
|
||
|
|
||
|
IX. Bugs && Bug Reports
|
||
|
=======================
|
||
|
I don't know of any bugs, but then this is a rewrite and a first release. It
|
||
|
has been tested reasonably well, but not exhaustively. I know it works on
|
||
|
FreeBSD 4.0-STABLE, FreeBSD 3.4-RELEASE, RedHat 5.1 and Redhat 6.0 all using
|
||
|
an Apache web server, but I would be interested to know whether it works on
|
||
|
other OSs and with other web servers. This version is far less dependent on
|
||
|
the OS than previous versions so I don't see any reason why it shouldn't.
|
||
|
|
||
|
Please mail bug reports and comments to guy-ezmlm@rucus.ru.ac.za
|
||
|
|
||
|
X. Acknowledgements
|
||
|
===================
|
||
|
* Keith Burdis (keith@rucus.ru.ac.za) - For constantly bugging me and
|
||
|
ensuring that I actually got round to writing some code :)
|
||
|
* Bryan Kilian (bryan@rucus.ru.ac.za) and the administrators of the
|
||
|
Litestep mailing list - For helping beta test and putting up with me
|
||
|
pestering them.
|
||
|
* Several societies at Rhodes. For switching to my web interface and so
|
||
|
unknowingly helping to beta test it.
|
||
|
* Barry Irwin (bvi@moria.org) - For trusting me and moving the Grahamstown
|
||
|
Foundation over to qmail and ezmlm - yet another beta tester :-)
|
||
|
* David Summers (david@summersoft.fay.ar.us) - For some ideas. And for
|
||
|
offering to make up an RPM version. I hope the offer still exists for
|
||
|
version 2.0 :-)
|
||
|
* Glen Stewart (glen_stewart@associate.com) - For a multitude of ideas.
|
||
|
* Fred Lindberg (lindberg@id.wustl.edu) for his useful posts to the
|
||
|
mailing list, suggestions, help, etc
|
||
|
* Galen Johnson (gjohnson@totalsports.net) - For some ideas on bugfixes.
|
||
|
|
||
|
XI. Availability
|
||
|
=================
|
||
|
The latest version of ezmlm-web will always be available on;
|
||
|
ftp://rucus.ru.ac.za/pub/mail/ezmlm/
|
||
|
|
||
|
More information on ezmlm-web and developments to ezmlm-web can be found at;
|
||
|
http://rucus.ru.ac.za/~guy/ezmlm/
|