Make it easier to avoid permission issues when setting up maddy

foxcpp · foxcpp · commit 28bdf6d33f10 · 2024-01-21T21:57:00.000+03:00
1. Clarify that you need to manually create the user and group when building from source. ./build.sh does not do that since it is a packaging tool, not system configuration one. 2. Do not require "go" command to be present when running ./build.sh install. go installation may be user-specific and unavailable when running with sudo. 3. Ease UMask restrictions. Allow group access. This allows CLI commands to be run by any user in maddy group. See #569.
diff --git a/build.sh b/build.sh
@@ -146,10 +146,23 @@ install() {
 	# Attempt to install systemd units only for Linux.
 	# Check is done using GOOS instead of uname -s to account for possible
 	# package cross-compilation.
-	if [ "$(go env GOOS)" = "linux" ]; then
-		command install -m 0755 -d "${destdir}/${prefix}/lib/systemd/system/"
-		command install -m 0644 "${builddir}"/systemd/*.service "${destdir}/${prefix}/lib/systemd/system/"
-	fi
+	# Though go command might be unavailable if build.sh is run
+	# with sudo and go installation is user-specific, so fallback
+	# to using uname -s in the end.
+	set +e
+  if command -v go >/dev/null 2>/dev/null; then
+    set -e
+    if [ "$(go env GOOS)" = "linux" ]; then
+    		command install -m 0755 -d "${destdir}/${prefix}/lib/systemd/system/"
+    		command install -m 0644 "${builddir}"/systemd/*.service "${destdir}/${prefix}/lib/systemd/system/"
+    fi
+  else
+    set -e
+    if [ "$(uname -s)" = "Linux" ]; then
+        		command install -m 0755 -d "${destdir}/${prefix}/lib/systemd/system/"
+        		command install -m 0644 "${builddir}"/systemd/*.service "${destdir}/${prefix}/lib/systemd/system/"
+        fi
+  fi
 
 	if [ -e "${builddir}"/man ]; then
 		command install -m 0755 -d "${destdir}/${prefix}/share/man/man1/"
diff --git a/dist/systemd/maddy.service b/dist/systemd/maddy.service
@@ -54,8 +54,9 @@ KillSignal=SIGTERM
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 
-# Force all files created by maddy to be only readable by it.
-UMask=0027
+# Force all files created by maddy to be only readable by it
+# and maddy group.
+UMask=0007
 
 # Bump FD limitations. Even idle mail server can have a lot of FDs open (think
 # of idle IMAP connections, especially ones abandoned on the other end and
diff --git a/dist/systemd/maddy@.service b/dist/systemd/maddy@.service
@@ -50,8 +50,9 @@ KillSignal=SIGTERM
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 
-# Force all files created by maddy to be only readable by it.
-UMask=0027
+# Force all files created by maddy to be only readable by it and
+# maddy group.
+UMask=0007
 
 # Bump FD limitations. Even idle mail server can have a lot of FDs open (think
 # of idle IMAP connections, especially ones abandoned on the other end and
diff --git a/docs/tutorials/building-from-source.md b/docs/tutorials/building-from-source.md
@@ -34,17 +34,19 @@ $ git clone https://github.com/foxcpp/maddy.git
 $ cd maddy
 ```
 
-3. Select the appropriate version to build:
+2. Select the appropriate version to build:
 ```
 $ git checkout v0.7.0      # a specific release
 $ git checkout master      # next bugfix release
 $ git checkout dev         # next feature release
 ```
 
-2. Build & install it
+3. Build & install it
 ```
 $ ./build.sh
-# ./build.sh install
+$ sudo ./build.sh install
 ```
 
-3. Have fun!
+4. Finish setup as described in [Setting up](../setting-up) (starting from System configuration).
+
+
diff --git a/docs/tutorials/setting-up.md b/docs/tutorials/setting-up.md
@@ -246,6 +246,9 @@ storage account:
 $ maddy imap-acct create postmaster@example.org
 ```
 
+Note: to run `maddy` CLI commands, your user should be in the `maddy`
+group. Alternatively, just use `sudo -u maddy`.
+
 That is it. Now you have your first e-mail address. when authenticating using
 your e-mail client, do not forget the username is "postmaster@example.org", not
 just "postmaster".
