From c2ba2b317743b87697edff4f1f0def15a982628f Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Tue, 29 Oct 2024 16:42:50 +0000 Subject: [PATCH] Add documentation about Django/Mailman super user The Django admin account is also a super user in Hyperkitty and Postorius, providing a backdoor for systems administrators in a pinch. Change-Id: Ic2a8763186c8b6f689c7e8c2f016429944aad753 --- doc/source/lists.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/doc/source/lists.rst b/doc/source/lists.rst index 742cdf6c64..db43fc0335 100644 --- a/doc/source/lists.rst +++ b/doc/source/lists.rst @@ -52,3 +52,22 @@ This may only be performed with root access to the list server. Use context help for the CLI's many subcommands, or see the Mailman v3 documentation for more details. + +Django Admin Interface +====================== + +There is an admin WebUI at ``/admin/``, but it's only accessible over a +loopback from localhost. If you need to use it, you'll want to connect an +SSH tunnel from your own system and then override DNS resolution for +``lists.opendev.org`` to point to your loopback address. + +List Configuration and Moderation Backdoor +========================================== + +If you need to step in and assist a list moderator or owner with +configuration and moderation tasks, you can log into the appropriate +Postorius URL for the corresponding list domain with the Django admin +credentials. This is effectively a Mailman "super user" account (as well as +being the account for administering the underlying Django installation). +This same account can be similarly used in Hyperkitty to delete spam +messages and threads in an emergency if the list owner is unavailable.