Hi all, I noticed a conversation on the recent thread releasing 2.1.26, but wanted to start a new thread that'll hopefully stay on-topic. Because the mailman configure requires the user and group to exist prior to running, as well as hard coding the actual values once run, it becomes very hard for porters/packagers when trying to support multiple mail servers and their respective user/group configurations (sendmail, postfix, exim, openstmpd, etc); and additionally the various web servers. Either we have to create a package for every combination or come up with another solution. What I did for the OpenBSD ports tree was to rewrite check_caller() in src/common.c (with src/common.h addition). It allows one to set the username, groupname, cgi-gid and mail-gid all via configure without these having to be setup beforehand. From the log message: - Rewrite src/common.c:check_caller() for the cgi/mail wrapper to now look at the defined group membership instead, _mailmanq (a new group). This allows the administrator to switch mail servers and web servers without requiring a FLAVOR for each combination; but rather, by simply adding the cgi/mail user to the _mailmanq group. This is a diversion from upstream, but will be proposed. At least sthen@ and dlg@ agree to go in this general direction. Here as well: https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/mailman/patches/patch-s... https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/mailman/patches/patch-s... In the OpenBSD ports tree, configure is now run with: --with-username=_mailman \ --with-groupname=_mailman \ --with-cgi-gid=_mailmanq \ --with-mail-gid=_mailmanq and the admin can change/migrate mail servers as well as web servers by just mucking with group memberships; no need to rebuild - allows mailman to be packaged basically. I realize now I never sent this upstream, so better late than never :) Inline patch to src/common.[ch] to follow, hopefully in the same style as the original. Considerations, thoughts? Thanks, Okan $OpenBSD: patch-src_common_h,v 1.1 2016/04/22 16:42:14 okan Exp $ --- src/common.h.orig Sun Mar 20 13:48:18 2016 +++ src/common.h Sun Mar 20 13:53:00 2016 @@ -27,6 +27,7 @@ #include <errno.h> #include <sys/types.h> #include <grp.h> +#include <pwd.h> #include <unistd.h> /* GETGROUPS_T gets set in the makefile by configure */ @@ -52,6 +53,7 @@ extern const char* logident; #define MAIL_ILLEGAL_COMMAND 6 #define ADDALIAS_USAGE_ERROR 7 #define GROUP_NAME_NOT_FOUND 8 +#define USER_NAME_NOT_FOUND 9 /* $OpenBSD: patch-src_common_c,v 1.1 2016/04/22 16:42:14 okan Exp $ --- src/common.c.orig Sun Feb 28 15:47:44 2016 +++ src/common.c Sun Mar 20 16:22:35 2016 @@ -119,45 +119,39 @@ fatal(const char* ident, int exitcode, char* format, . void check_caller(const char* ident, const char* parentgroup) { - GID_T mygid = getgid(); - struct group *mygroup = getgrgid(mygid); - char* option; - char* server; + struct passwd *pw; + struct group *gr; + char **g; + int ok = 0; char* wrapper; - if (running_as_cgi) { - option = "--with-cgi-gid"; - server = "web"; - wrapper = "CGI"; - } - else { - option = "--with-mail-gid"; - server = "mail"; - wrapper = "mail"; - } + pw = getpwuid(getuid()); + if (pw == NULL) + fatal(ident, USER_NAME_NOT_FOUND, + "Failure to find username"); - if (!mygroup) - fatal(ident, GROUP_NAME_NOT_FOUND, - "Failure to find group name for GID %d. Mailman\n" - "expected the %s wrapper to be executed as group\n" - "\"%s\", but the system's %s server executed the\n" - "wrapper as GID %d for which the name could not be\n" - "found. Try adding GID %d to your system as \"%s\",\n" - "or tweak your %s server to run the wrapper as group\n" - "\"%s\".", - mygid, wrapper, parentgroup, server, mygid, mygid, - parentgroup, server, parentgroup); + gr = getgrnam(parentgroup); + if (gr == NULL) + fatal(ident, GROUP_NAME_NOT_FOUND, + "Failure to find \"%s\" group", parentgroup); - if (strcmp(parentgroup, mygroup->gr_name)) - fatal(ident, GROUP_MISMATCH, - "Group mismatch error. Mailman expected the %s\n" - "wrapper script to be executed as group \"%s\", but\n" - "the system's %s server executed the %s script as\n" - "group \"%s\". Try tweaking the %s server to run the\n" - "script as group \"%s\", or re-run configure, \n" - "providing the command line option `%s=%s'.", - wrapper, parentgroup, server, wrapper, mygroup->gr_name, - server, parentgroup, option, mygroup->gr_name); + for (g = gr->gr_mem; *g; g++) { + if (strcmp(pw->pw_name, *g) == 0) { + ok = 1; + break; + } + } + + if (running_as_cgi) + wrapper = "CGI"; + else + wrapper = "mail"; + + if (ok == 0) + fatal(ident, GROUP_MISMATCH, + "Group mismatch error. Mailman expected the %s\n" + "wrapper script to be executed by a member of\n" + "\"%s\" group.", wrapper, parentgroup); }