The data handled by imip-agent needs to be accessible to other software, notably mail handling software and Web server software. Two approaches to e-mail integration affect the choice of system users and groups:
| Integration Method | System Users and Groups | Suitable for... |
| Using a dedicated lmtp group | imip-agent belongs to lmtp and www-data groups | |
| Using an existing group | imip-agent belongs to the www-data group | |
The corresponding strategies are described in more detail below.
With a dedicated lmtp group, imip-agent's programs can run in a way that permits them to initiate LMTP delivery (requiring suitable local privileges to communicate with the mail storage solution) whilst allowing the Web server to read data written by the agent programs.
A system group needs to be created for LMTP delivery and for certain users to share resources:
addgroup lmtp
This group should be employed for LMTP delivery by systems like Cyrus and Dovecot. See the mail storage guide for more information.
A system user needs to be created and to belong to certain groups in order to deliver messages to mail stores and to publish resources on the Web:
useradd -d /var/lib/imip-agent -m -U -G lmtp,www-data -r imip-agent
Store details and published resources need to be accessible by the imip-agent and www-data users. Thus, www-data also needs to belong to the lmtp group:
adduser www-data lmtp
This configuration should also work with the local SMTP delivery method; the lmtp group membership will merely be superfluous for the imip-agent user in that case. So, if the use of such a group is not problematic, this approach is a reasonable default choice. Moreover, the lmtp group may need to be created anyway so that MTAs can deliver to mail storage solutions.
With an existing group, imip-agent's programs run in a way that permits local SMTP delivery (which merely needs the ability to connect to a local network service) whilst allowing the Web server to read data written by the agent programs. This approach provides a means of keeping imip-agent separate from mail-related users and groups.
A system user needs to be created and to belong to certain groups in order to deliver messages to mail stores and to publish resources on the Web:
useradd -d /var/lib/imip-agent -m -U -G www-data -r imip-agent
Again, the tools/init.sh script will initialise directories for stored and published data. The tools/config.sh script should be edited and the group redefined as follows:
IMIP_AGENT_GROUP=www-data
If already installed, the /etc/imip-agent/config.sh script should be edited instead. See the configuration guide for more information.
With local SMTP delivery, the mail system will need to be configured to route messages for local recipients. See the local SMTP description of mail configuration for more information.
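To confirm the memberships that either method above sets up, the following added example (not part of imip-agent or its tools) checks a group(5)-format listing such as saved getent group output. The function names, the method names "lmtp" and "existing", and the sample GIDs are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the group memberships each integration method needs.
# FILE is in group(5) format (name:passwd:gid:member,member,...), for example
# saved `getent group` output. Only supplementary members are listed there;
# imip-agent's own primary group (created by useradd -U) has no member entry.

# in_group USER GROUP FILE: exit 0 if USER is listed as a member of GROUP.
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$3"
}

# check_method METHOD FILE: print each missing membership; exit 0 if none.
# METHOD names are assumptions of this example: "lmtp" or "existing".
check_method() {
    method=$1; file=$2; missing=0
    case $method in
        lmtp)     pairs="imip-agent:lmtp imip-agent:www-data www-data:lmtp" ;;
        existing) pairs="imip-agent:www-data" ;;
        *)        echo "unknown method: $method" >&2; return 2 ;;
    esac
    for pair in $pairs; do
        user=${pair%%:*}; group=${pair#*:}
        if ! in_group "$user" "$group" "$file"; then
            echo "missing: $user is not in $group"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample (GIDs invented): state after the lmtp-method commands.
sample_lmtp_groups() {
    cat <<'EOF'
lmtp:x:997:imip-agent,www-data
www-data:x:33:imip-agent
imip-agent:x:996:
EOF
}

# Usage: getent group > groups.txt && check_method lmtp groups.txt
```

A non-zero exit with a "missing:" line for www-data and lmtp means the adduser www-data lmtp step was skipped, in which case the Web server cannot read data that is shared through the lmtp group.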
Once the necessary decisions have been taken here, the system's configuration will need updating so that the software and tools will work correctly.