mailman on freeBSD 8.2: getgrgid error
![](https://secure.gravatar.com/avatar/bc0184e4ae3d273f77ac123849c654b0.jpg?s=120&d=mm&r=g)
Hi folks, I've been fiddling with mailman 2.1.14 (from freebsd ports) on free BSD 8.2. Everything seems to be fine so far except for the web based stuff. I get the following error when I try to access the page:
http://this.great.site/mailman/listinfo
-------<error>-------- Mailman CGI error!!!
The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: Failure to find group name for GID 80. Mailman expected the CGI wrapper to be executed as group "www", but the system's web server executed the wrapper as GID 80 for which the name could not be found. Try adding GID 80 to your system as "www", or tweak your web server to run the wrapper as group "www". -------</error>---------
This system has a www user and gid is 80 (group = www). In the first attempt, I let freebsd choose its own configure-arguments and later I tried it myself. Error remained the same.
AFAIK, src/common.c is checking the GID with getgid() followed by getgrgid(). Now, my machine uses blowfish instead of md5 for passwd. getgid() is returning 80 - which is fine since i have gid(www) = 80 on my system. However, getgrgid(gid) returns null :-| I gave up my fight at that point and decided to ask for help :)
I tried to figure out the behaviour of these functions with a small test code: getgrgid() returns gr_passwd = * for blowfish, and gr_passwd = x for md5. Is that an issue with mailman or am I making mistakes somewhere else in the installation? My apache config is given below (I followed the steps in installation doc.)
Thanks in advance..!
---------<apache-config4mailman>---------------- ScriptAlias /mailman/ "/usr/local/mailman/cgi-bin/" Alias /pipermail/ "/usr/local/mailman/archives/public/"
<Directory "/usr/local/mailman"> Options FollowSymLinks ExecCGI AllowOverride None Order allow,deny Allow from all </Directory>
RedirectMatch ^/mailman[/]*$ http://this.great.site/mailman/listinfo/ ---------</apache-config4mailman>----------------
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
Rekhesh Mohan wrote:
This appears to be a C library/OS issue that has nothing to do with Mailman. getgrgid(gid) should return a struct group for the group whose ID is gid. This structure should contain the information which is a representation of the fields in the /etc/groups record for that gid. If gid is valid, the return from getgrgid(gid) should not be null.
Mailman only cares about getgrgid()->gr_name.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/bc0184e4ae3d273f77ac123849c654b0.jpg?s=120&d=mm&r=g)
On 01/08/2011 Mark wrote
You are probably right. It may be an issue in C library/OS. I will try and discuss this in freeBSD lists.
Now here is something that spoiled my sleep: I wrote a small test program to call getgrgid(), and it prints getgrgid()->gr_name = www. When I added a print statement inside common.c, I get getgrgid()->gr_name = null (it goes to http error log, since http headers are not defined at this stage of the code).
Anyways, thanks again for your help..
--R
![](https://secure.gravatar.com/avatar/bc0184e4ae3d273f77ac123849c654b0.jpg?s=120&d=mm&r=g)
On Wednesday, August 03, 2011 02:06:50 AM Mark Sapiro wrote:
Yes. They are world readable. By the way, I'm making some progress here :)
I can now confirm that issue is with system/OS security and not with mailman. getgrgid()->gr_name returns meaningful value only if a member of "wheel" group calls it. I added my apache-user "www" to wheel group (his primary group is still www) and mailman is happy - web interface is working. I am not sure about the security implications of apache user being a member of wheel group.
Need to check if this is the default behaviour of freeBSD 8.2. I am searching for a machine where I can try a fresh and clean install of freeBSD + mailman. Please let me know If anyone here has a mailman working on freeBSD 8.2
--R
![](https://secure.gravatar.com/avatar/cf212b670ff8a10ac08609610c0a6c89.jpg?s=120&d=mm&r=g)
Hello Rekhesh Mohan
On 08/03/2011 08:23 AM, Rekhesh Mohan wrote:
The wheel group is the group for all admins not named root!
You never should give the apache user admin privileges. If someone breaks into your apache she can overtake your whole machine at once.
I don't know freeBSD. Does it use something like SELinux?
Kind regards, Christian Mack
![](https://secure.gravatar.com/avatar/bc0184e4ae3d273f77ac123849c654b0.jpg?s=120&d=mm&r=g)
On Wednesday, August 03, 2011 01:52:23 PM Mailman Admin wrote:
Hi Christian,
Sure :) I have already pulled out the www from wheel. That was one of the many things I have been trying out to understand the issue.
I am new to freeBSD - There is nothing like selinux.. but it has some kernel security level setting, which is disabled on my system.
Thanks!
--R
![](https://secure.gravatar.com/avatar/bc0184e4ae3d273f77ac123849c654b0.jpg?s=120&d=mm&r=g)
On 03/08/2011 Mark wrote
Hi people,
Issue is solved, after some help from freebsd-hackers list. /etc had 750 permissions. I was too busy looking into /etc and forgot to look above the directory (or probably I'm growing too old for this kind of stuff) :)
Thanks again, everyone..!
--R
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
Rekhesh Mohan wrote:
This appears to be a C library/OS issue that has nothing to do with Mailman. getgrgid(gid) should return a struct group for the group whose ID is gid. This structure should contain the information which is a representation of the fields in the /etc/groups record for that gid. If gid is valid, the return from getgrgid(gid) should not be null.
Mailman only cares about getgrgid()->gr_name.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/bc0184e4ae3d273f77ac123849c654b0.jpg?s=120&d=mm&r=g)
On 01/08/2011 Mark wrote
You are probably right. It may be an issue in C library/OS. I will try and discuss this in freeBSD lists.
Now here is something that spoiled my sleep: I wrote a small test program to call getgrgid(), and it prints getgrgid()->gr_name = www. When I added a print statement inside common.c, I get getgrgid()->gr_name = null (it goes to http error log, since http headers are not defined at this stage of the code).
Anyways, thanks again for your help..
--R
![](https://secure.gravatar.com/avatar/bc0184e4ae3d273f77ac123849c654b0.jpg?s=120&d=mm&r=g)
On Wednesday, August 03, 2011 02:06:50 AM Mark Sapiro wrote:
Yes. They are world readable. By the way, I'm making some progress here :)
I can now confirm that issue is with system/OS security and not with mailman. getgrgid()->gr_name returns meaningful value only if a member of "wheel" group calls it. I added my apache-user "www" to wheel group (his primary group is still www) and mailman is happy - web interface is working. I am not sure about the security implications of apache user being a member of wheel group.
Need to check if this is the default behaviour of freeBSD 8.2. I am searching for a machine where I can try a fresh and clean install of freeBSD + mailman. Please let me know If anyone here has a mailman working on freeBSD 8.2
--R
![](https://secure.gravatar.com/avatar/cf212b670ff8a10ac08609610c0a6c89.jpg?s=120&d=mm&r=g)
Hello Rekhesh Mohan
On 08/03/2011 08:23 AM, Rekhesh Mohan wrote:
The wheel group is the group for all admins not named root!
You never should give the apache user admin privileges. If someone breaks into your apache she can overtake your whole machine at once.
I don't know freeBSD. Does it use something like SELinux?
Kind regards, Christian Mack
![](https://secure.gravatar.com/avatar/bc0184e4ae3d273f77ac123849c654b0.jpg?s=120&d=mm&r=g)
On Wednesday, August 03, 2011 01:52:23 PM Mailman Admin wrote:
Hi Christian,
Sure :) I have already pulled out the www from wheel. That was one of the many things I have been trying out to understand the issue.
I am new to freeBSD - There is nothing like selinux.. but it has some kernel security level setting, which is disabled on my system.
Thanks!
--R
![](https://secure.gravatar.com/avatar/bc0184e4ae3d273f77ac123849c654b0.jpg?s=120&d=mm&r=g)
On 03/08/2011 Mark wrote
Hi people,
Issue is solved, after some help from freebsd-hackers list. /etc had 750 permissions. I was too busy looking into /etc and forgot to look above the directory (or probably I'm growing too old for this kind of stuff) :)
Thanks again, everyone..!
--R
participants (3)
-
Mailman Admin
-
Mark Sapiro
-
Rekhesh Mohan