[Mailman-Users] Another solution to "Messages silently disappearing"

Wes Morriston morristo at stripe.colorado.edu
Mon Feb 15 18:00:08 CET 1999


Hi Harald,

I ran your test script several times on my system (SuSE 6.0).  Sometimes
~mailman/data was owned by daemon, sometimes by mailman.  (I didn't know
whether that would make a difference.)  Here are the results of two runs
(the first with ~mailman/data owned by mailman, the second by daemon).

---------------------------------------------------------------
+ TESTDIR=/tmp/mailman_setgid_test_dir32679
+ uname -a
Linux sophia 2.2.1 #1 Thu Feb 11 15:58:21 MST 1999 i686 unknown
+ mkdir -p /tmp/mailman_setgid_test_dir32679
+ chown root.mailman /tmp/mailman_setgid_test_dir32679
+ chmod 775 /tmp/mailman_setgid_test_dir32679
+ ls -lan /tmp/mailman_setgid_test_dir32679
total 2
drwxrwxr-x   2 0        101          1024 Feb 15 09:42 .
drwxrwxrwt   9 0        0            1024 Feb 15 09:42 ..
+ cd /tmp/mailman_setgid_test_dir32679
+ cat
+ gcc -o testprog testprog.c
+ chgrp mailman testprog
+ chmod 2755 testprog
+ su nobody -c /tmp/mailman_setgid_test_dir32679/testprog
testprog: RGID == 65534, EGID == 101
+ ls -lan /tmp/mailman_setgid_test_dir32679
total 37
drwxrwxr-x   2 0        101          1024 Feb 15 09:42 .
drwxrwxrwt   9 0        0            1024 Feb 15 09:42 ..
-rwxr-x---   1 65534    101             0 Feb 15 09:42 success
-rwxr-sr-x   1 0        101         33647 Feb 15 09:42 testprog
-rw-r--r--   1 0        0             415 Feb 15 09:42 testprog.c

------------------------------------------------------------------

+ TESTDIR=/tmp/mailman_setgid_test_dir32732
+ uname -a
Linux sophia 2.2.1 #1 Thu Feb 11 15:58:21 MST 1999 i686 unknown
+ mkdir -p /tmp/mailman_setgid_test_dir32732
+ chown root.mailman /tmp/mailman_setgid_test_dir32732
+ chmod 775 /tmp/mailman_setgid_test_dir32732
+ ls -lan /tmp/mailman_setgid_test_dir32732
total 2
drwxrwxr-x   2 0        101          1024 Feb 15 09:49 .
drwxrwxrwt  10 0        0            1024 Feb 15 09:49 ..
+ cd /tmp/mailman_setgid_test_dir32732
+ cat
+ gcc -o testprog testprog.c
+ chgrp mailman testprog
+ chmod 2755 testprog
+ su nobody -c /tmp/mailman_setgid_test_dir32732/testprog
testprog: RGID == 65534, EGID == 101
+ ls -lan /tmp/mailman_setgid_test_dir32732
total 37
drwxrwxr-x   2 0        101          1024 Feb 15 09:49 .
drwxrwxrwt  10 0        0            1024 Feb 15 09:49 ..
-rwxr-x---   1 65534    101             0 Feb 15 09:49 success
-rwxr-sr-x   1 0        101         33647 Feb 15 09:49 testprog
-rw-r--r--   1 0        0             415 Feb 15 09:49 testprog.c

-----------------------------------------------------------------

Thanks for your interest.  Hope this helps...

Wes


Harald Meland wrote:
> 
> [Wes Morriston]
> 
> > In an earlier post I described a solution to the problem of messages
> > silently disappearing.  Just change the ownership of ~mailman/data to
> > whatever sendmail runs under (in my case, "daemon"), and everything
> > works fine.
> >
> > Here is a different approach that accomplishes the same thing.  Simply
> > add "daemon" to the list of users in the group "mailman."  As far as I
> > can see, this works perfectly too.
> 
> Both of these solutions sound like "band-aid solutions" to me.  If
> no-one can understand *why* you have to "solve" your problems with
> hacks like the ones you describe above, other users will likely run
> into similar problems.  So, in order to make Mailman easier to
> install, tracking down what _really_ is going wrong (and fixing it)
> would be a Good Thing.
> 
> In your previous message, you said:
> 
> > To get to the bottom line fast... the problem turned out to be that
> > mailman could not create temporary files in  ~mailman/data.  For some
> > reason, it was trying to write them as uid "daemon," but isn't allowed
> > to do that when ~mailman/data is owned by "mailman."
> [...]
> > I am not running NFS and there are no fancy mount options to worry
> > about.
> [...]
> > And this is what "wrapper" in ~mailman/mail looks like.
> >
> > -rwxr-sr-x   1 mailman  mailman     19917 Feb  9 23:56 wrapper
> 
> The seventh-column "s" in the ls(1) output for ~mailman/mail/wrapper
> is supposed to make the command run with "mailman" group privileges
> (i.e. the "effective group ID" of the process becomes "mailman") --
> regardless of what UID (and corresponding default GID) the MTA is
> running under.
> 
> This means that anything "exec()"d by the "wrapper" program _should_
> be able to write to a directory with permissions
> 
> > drwxrwsr-x   2 mailman  mailman      1024 Feb 10 15:47 data
> 
> As this doesn't appear to be the case for you, there must be something
> fishy going on somewhere.
> 
> (Unless execve(2)ing a script removes any effective group privileges
>  from the process... if that's the problem, a properly placed
>  "setregid(getegid())" call would fix it, right?)
> 
> In order to pinpoint what's going wrong, could someone (Wes or someone
> else with a system showing similar problems to the ones Wes has
> described) please run the attached shell script (as root, because it
> needs to play freely with UIDs and GIDs) and mail me the output?
> 
> (I hope the script is reasonably portable and that it doesn't make too
>  many invalid assumptions about which users and groups are defined on
>  the system -- it has only been (quickly) tested on my Debian system,
>  though.)
> 
> > Why does MailMan insist on writing temporary files in ~mailman/data
> > with uid "daemon?"
> 
> The UID shouldn't matter, the GID is what counts.  This is actually a
> feature of Mailman, done by design so that even non-privileged users
> (but preferably with a GID to spare) can install Mailman, e.g. in
> their own home directories.
> 
> BTW, I don't think that doing the Mailman install as root should break
> stuff -- and if it does, we need to pinpoint _what_ it is breaking so
> that it can be fixed.
> --
> Harald
> 
>   ------------------------------------------------------------------------
>                          Name: Mailman_test.sh
>    Mailman_test.sh       Type: Plain Text (text/plain)
>                   Description: Mailman_test.sh
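
An added illustration of the check discussed in this thread, not Harald's Mailman_test.sh or its testprog.c (neither is reproduced in the archive): a setgid probe that reports RGID/EGID, applies the setregid idea from the quoted message using the two-argument setregid(2), and then tries to create a file in a group-writable directory. The function names pin_effective_gid and can_create_in are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy the effective GID into the real GID, so the group privilege
 * granted by the setgid bit is kept even if something later in the
 * exec chain resets EGID to RGID (the hypothesis raised in the quoted
 * message). Returns 0 on success, -1 on failure. */
int pin_effective_gid(void)
{
    gid_t egid = getegid();
    if (setregid(egid, egid) != 0)
        return -1;
    /* Verify the change instead of trusting the return code alone. */
    return (getgid() == egid && getegid() == egid) ? 0 : -1;
}

/* Try to create `name` inside `dir`, the way a temporary file would be
 * created in ~mailman/data. O_EXCL refuses to reuse an existing file.
 * Returns 0 if the file was created, -1 otherwise (errno stays set). */
int can_create_in(const char *dir, const char *name)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0660);
    if (fd < 0)
        return -1;
    close(fd);
    return 0;
}

int main(int argc, char **argv)
{
    /* Directory to probe; defaults to the current directory. */
    const char *dir = argc > 1 ? argv[1] : ".";
    printf("before: RGID == %ld, EGID == %ld\n", (long)getgid(), (long)getegid());
    if (pin_effective_gid() != 0) { perror("setregid"); return 1; }
    printf("after:  RGID == %ld, EGID == %ld\n", (long)getgid(), (long)getegid());
    if (can_create_in(dir, "success") != 0) { perror("create"); return 1; }
    puts("created 'success'");
    return 0;
}
```

Built and installed the way the trace above does it (chgrp mailman, chmod 2755) and run as an unprivileged user, the "before" line should show differing RGID and EGID and the "after" line should show both equal to the mailman GID.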



