Thank you for this detailed analysis that goes far above and beyond what one can reasonably expect! I did not expect the issue to be caused by the patches specific to Red Hat, otherwise I wouldn't have bothered you with this.
--On 7. Februar 2018 um 15:22:24 -0800 Mark Sapiro <mark@msapiro.net> wrote:
On 02/07/2018 01:38 PM, Sebastian Hagedorn wrote:
Hm, part of that was an artifact of running configure manually instead of using the SPEC file I usually use to build Mailman. With the latter and my "fix" I get the following:
$ mailman-config Configuration and build information for Mailman
Mailman version: 2.1.26 Build Date: Wed Feb 7 13:23:45 CET 2018
prefix: /usr/lib/mailman var_prefix: /var/lib/mailman mailman_user: mailman mailman_group: mailman mail_group: mail postfix mailman nobody daemon cgi_group: apache
configure_opts: "--prefix=/usr/lib/mailman --with-var-prefix=/var/lib/mailman --with-config-dir=/etc/mailman --with-lock-dir=/var/lock/mailman --with-log-dir=/var/log/mailman --with-pid-dir=/var/run/mailman --with-queue-dir=/var/spool/mailman --with-python=/usr/bin/python2.7 --with-mail-gid=mail postfix mailman nobody daemon --with-cgi-id=apache --with-cgi-gid=apache --with-mailhost=localhost.localdomain --with-urlhost=localhost.localdomain --without-permcheck"
So it's still using --without-permcheck, but the other options are there.
When I run that command without having made any changes in the unpacked tarball on a machine without a 'mailman' user, but with a 'mail' group, I get this from configure
configure: WARNING: unrecognized options: --with-config-dir, --with-lock-dir, --with-log-dir, --with-pid-dir, --with-queue-dir, --with-cgi-id
This is expected because those options to configure were added by RedHat as part of their FHS compliance patch. See <https://wiki.list.org/x/8486953> and <https://mail.python.org/pipermail/mailman-developers/2004-October/017343 .html>
Right, we've been using the Red Hat patches for many years. Even on RHEL 7 Red Hat only provides an RPM for 2.1.15, so at some point I took the SPEC file from their source RPM and have been updating it myself.
I get this from the bin/mailman-config command
Configuration and build information for Mailman
Mailman version: 2.1.26 Build Date: Wed Feb 7 14:19:11 PST 2018
prefix: /usr/lib/mailman var_prefix: /var/lib/mailman mailman_user: mailman_group: mail_group: mail cgi_group: apache
configure_opts: "--prefix=/usr/lib/mailman --with-var-prefix=/var/lib/mailman --with-config-dir=/etc/mailman --with-lock-dir=/var/lock/mailman --with-log-dir=/var/log/mailman --with-pid-dir=/var/run/mailman --with-queue-dir=/var/spool/mailman --with-python=/usr/bin/python2.7 --with-mail-gid=mail postfix mailman nobody daemon --with-cgi-id=apache --with-cgi-gid=apache --with-mailhost=localhost.localdomain --with-urlhost=localhost.localdomain --without-permcheck"
The empty mailman_user and mailman_group is because there is no 'mailman' user/group on the system I ran it on and the fact that I get mail_group = 'mail' rather than 'mail postfix mailman nobody daemon' is because there is a 'mail' group (it picks the first group that exists from that list and only yields the whole list as the result if none exist.
I suspect that your actual configure command options rather than the ones reported by your bin/mailman-config are something like
--prefix=/usr/lib/mailman --with-var-prefix=/var/lib/mailman --with-config-dir=/etc/mailman --with-lock-dir=/var/lock/mailman --with-log-dir=/var/log/mailman --with-pid-dir=/var/run/mailman --with-queue-dir=/var/spool/mailman --with-python=/usr/bin/python2.7 --with-mail-gid='"mail postfix mailman nobody daemon"' --with-cgi-id=apache --with-cgi-gid=\"apache\" --with-mailhost=localhost.localdomain --with-urlhost=localhost.localdomain --without-permcheck
and that's where the extraneous quotes are coming from. I think the passing of a list to --with-mail-gid relies on another RedHat modification to the mail wrapper to be able to dynamically configure the mail group and not build it in to the RPM.
In our SPEC file it looks like this:
./configure
--prefix=%{mmdir}
--with-var-prefix=%{varmmdir}
--with-config-dir=%{configdir}
--with-lock-dir=%{lockdir}
--with-log-dir=%{logdir}
--with-pid-dir=%{piddir}
--with-queue-dir=%{queuedir}
--with-python=/usr/bin/python2.7
--with-mail-gid=%{mailgroup}
--with-cgi-id=%{cgiuser}
--with-cgi-gid=%{cgigroup}
--with-mailhost=localhost.localdomain
--with-urlhost=localhost.localdomain
--without-permcheck
The variables in question are defined like this:
# Now, the groups your mail spoolers run as. Sendmail uses 'mail'(12) # and postfix used to use 'nobody', but now uses 'postfix' %define mailgroup "mail postfix mailman nobody daemon"
# Now, the user and group the CGIs will expect to be run under. This should # match the user and group the web server is configured to run as. The scripts # will error out if they are invoked by any other user. %define cgiuser apache %define cgigroup apache
Which explains the quotes for mailgroup, although I don't understand where the quotes for cgigroup come from ...
The question is what are you trying to do.
If you just want to build a working Mailman 2.1.26 installation, I suggest removing the --with-config-dir, --with-lock-dir, --with-log-dir, --with-pid-dir, --with-queue-dir, --with-cgi-id options and setting --with-mail-gid and --with-cgi-gid to the appropriate single groups without any quotes.
That would be fine for a new installation but I'm wary of such a change on an active system. In hindsight we should never have used the RPMs provided by Red Hat in the first place.
If you are trying to build a RHEL FHS compliant Mailman, start by porting the patch in the attachment to <https://mail.python.org/pipermail/mailman-developers/2004-October/017343 .html> and applying it, running autoconf to regenerate configure from configure.in
That's what we're already doing.
and take any resultant issues to RedHat.
That part is useless, unfortunately.
Note, the last I knew, John Dennis was still at RedHat, but was no longer working with Mailman, but that was a long time ago. In case it isn't obvious, I recommend the first approach.
As I mentioned I "fixed" this by removing the quotes around @MAIL_GROUP@ and @CGI_GROUP@. I have included that patch in our SPEC file with a note not to bother the community with that issue.
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:..:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.