[Mailman-Users] groupname and mail-gid

Andy Rowan rowan at crssa.rutgers.edu
Wed Jun 2 23:17:18 CEST 2004 

Here's the short version of my question: is there a reason why I should NOT 
use the same group "mail" for both the "--with-groupname" and 
"--with-mail-gid" configure options?


The long version is this.  I'm having some difficulties with gids.  I'm 
running mailman 2.1.5 and sendmail 8.12.10 on a redhat linux 7.2 box.  Both 
the mailman and sendmail I compiled from source, they're not RPMs.  If I 
use the defaults for group name when I configure, I get an error:

"Group mismatch error.  Mailman expected the mail
wrapper script to be executed as group "mailman", but
the system's mail server executed the mail script as
group "mail".  Try tweaking the mail server to run the
script as group "mailman", or re-run configure,
providing the command line option `--with-mail-gid=mail'."

So no problem, I just use the "--with-mail-gid=mail" switch for configure, 
rather than messing with sendmail.  This worked.  (It worked with 2.1.3 
too.)   Now sendmail is using "mail," and that's what mailman is expecting, 
so everyone is happy.

New wrinkle.  Now I want to have my mail alias for the list invoke procmail 
first, and then from the procmail recipe I pipe to mailman.  So my alias 
entry looks like this:

mmtest:              "|/usr/bin/procmail -m /etc/procmailrcs/mailman mmtest"

(By the way, the FAQ entry says to use a variable assignment 
"MAILMAN=mmtest" to pass the list name, but the current version of procmail 
won't allow that if the rc file is in /etc/procmailrcs, for security 
reasons.  Putting the listname as an argument and then capturing it in the 
rcfile as $1 works.  But I digress.)

When I do this, the group mismatch error comes back again, in reverse: 
mailman now expects the group "mail" but the system is executing the script 
as group "mailman."  I assume this is because the mail/mailman executable 
is owned by mailman.mailman and is setgid, so when procmail launches it, it 
gets that gid.

So, I could change the configure option back.  But I want to avoid a 
situation where my procmail setup works and the standard alias doesn't.  So 
I need to get the same group ownership both ways.

One solution would seem to be to configure using "--with-groupname" and 
"--with-mail-gid" both set to "mail," which is the group that sendmail 
wants to use to run the wrapper.  Then presumably mailman will have that 
gid when procmail launches it as well.  Is there a reason that this is a 
bad idea?

The other solution would seem to be to get in and change sendmail so that 
it uses the mailman group instead, but then I don't know what other effects 
that will have.

So, is it ok to have those both be "mail."  Or is there some other way?


-Andy

More information about the Mailman-Users mailing list