[Mailman-Users] Still installation woes

John Dennis jdennis at redhat.com
Mon Jun 20 17:43:06 CEST 2005 

On Sun, 2005-06-19 at 21:54 +0100, Rob Shepherd wrote:
> I can't believe this is giving me so much trouble.
> 
> mailman 2.1.6, solaris9 UltraSPARC 64bit
> 
> Some basic questions
> 
> I am running postfix as group "postfix" although mailman
> 
> *without* --with-mail-gid=postfix (imlies --with-mail-gid=mailman right?)
> 
> Mail comes through fine... is this OK?
> 
> I am running apache 2.0.52 as group  "apache2" and mailman
> 
> *with* --with-cgi-gid=apache2
> 
> Although if I want the web interface to work I must.....
> 
> su - mailman
> cd /usr/local/mailman/cgi-bin
> chmod g+s *
> 
> I can't decide whether these files should have been like this already??
> check_perms found no errors!! but everything I've read suggest that these are 
> wrapped by the code which does the bale out if the calling gid is not correct

You are correct, the files in mailman/cgi-bin and mailman/mail must be
group owned by mailman and be setgid.

The Makefiles generated by ./configure should have done this when you
performed a "make install".

Take a look at mailman/cgi-bin/Makefile and see what it's doing to set
group ownership and the "sticky bit" (e.g. setgid). Last time I looked
at that code I seem to recall wondering if the embedded commands might
not be fully portable, something I fixed in patch. If memory serves me
correctly the Makefiles were incorrectly relying on the inheritence of
the setgid bit of the parent directory (in other words any file
installed into a directory that is setgid takes on the setgid property).
This is true of many UNIX style systems, but NOT Solaris. I also seem to
recall that the Makefile only sets setgid on the directory which is
consistent with your observation. Once again this is not portable to
Solaris. I thought I submitted a patch for this to Source Forge a year
or two ago but I confess my memory is fuzzy.

You could also trying running "make install" in either the mail or
cgi-bin directories and observing what it does or if any errors or
warning occur.

> from a fresh install I have no binary that is setgid mailman
> only directories
> 
> Is the installation broken? what other files need to be setgid?

The minimum is cgi-bin/* and mail/mailman.

> 
> /usr/local/mailman/mail/mailman is *not* setgid but postfix can pipe to that OK,
> 
> Also, should I end up with "any" files being owned by apache2?  after using the 
> web interface to add a list I found that aliases, aliases.db and 
> virtual-mailman.db were still the original ownership but virtual-mailman had 
> been claimed ownership by apache2.... is this right,

Sounds dubious to me, but I'd have to go back and look at the code that
generates/modifies this file.


-- 
John Dennis <jdennis at redhat.com>

More information about the Mailman-Users mailing list