[Mailman-Users] wrapper script run as nogroup

Todd Freedom_Lover at pobox.com
Mon Nov 24 22:51:57 CET 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Richard Barrett wrote:
> On 24 Nov 2003, at 17:25, Todd wrote:
>> What are the perms on /usr/local/mailman/mail/mailman?  Postfix
>> should be executing the script as whatever group the wrapper has.
>
> Your interpretation is not quite correct.
>
> When it is run, and as a security precaution, the mailman wrapper
> checks the group of the process which is executing it is what it
> expects and then and only then runs the mail delivery script with
> the mailman gid. This expected gid is compiled into the mailman
> wrapper as the value of --with-mail-gid from ./configure.
>
> The issue is not what gid the wrapper should run the Mailman mail
> delivery script as but what gid the wrapper expects the process
> running it to have.
>
> The error message is saying that it is being run with the gid
> nogroup when it was told to expect to be run by a process with the
> gid mailman.  If you want to stick with that then Postfix, repeat
> Postfix, has to execute with the gid mailman. Which may or may not
> be what you want.

The OP said that the error he was getting indicated that Postfix was
running the wrapper as nogroup, when mailman was expecting it to be
run as group mailman.  I didn't think there was anything really to
configure with Postfix in this regard.  I believed that it executed
with the group that the wrapper had, which his permissions showed was
group mailman.

Am I missing something here?  Does Postfix 2.0 behave differently in
this regard?

I did just notice Jeremy's follow-up that he changed the group on the
aliases files and that did the trick.  I was thinking that postfix
would run the wrapper as the group of the wrapper, but instead it runs
them as the group of the aliases file I guess.  Perhaps one of the
posfix gurus can jump in if that's wrong.

- -- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
How much does it cost to entice a dope-smoking UNIX system guru to
Dayton?
    -- Brian Boyle, UNIX/WORLD's First Annual Salary Survey

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE/wn19uv+09NZUB1oRAh2JAJ9cUN5KFFdlBUmDi7HQ69v4PLTE2ACgligy
UxbWNV/RikHQo5wEx9dacWw=
=WQpd
-----END PGP SIGNATURE-----

More information about the Mailman-Users mailing list