[Mailman-Users] Mailman GID problem
Jeffrey Goldberg
jeffrey at goldmark.org
Sat Apr 21 06:59:46 CEST 2007
On Apr 20, 2007, at 9:26 PM, Paul Schmehl wrote:
> --On April 20, 2007 7:54:45 PM -0500 Jeffrey Goldberg
> <jeffrey at goldmark.org> wrote:
>> So the first fix (modifying the owner of data/aliases{,.db}) is the
>> right way to go, but instead of making those files owned by "nobody"
>> (which does seem dangerous because then anything running as "nobody"
>> could change those files) they should be owned by root with mailman as
>> the group and permissions like 664.
>>
> Nobody is an unprivileged user.
Thank you. I forgot about that. I was treating "nobody" like "www"
or "mail". It entirely slipped my mind that "nobody" really is
different.
>> it would break the ownership of the aliases file so that we would have
>> the mismatch between what the uid postfix gives the wrapper
>> ("mailman") and what the wrapper demands ("nobody").
>>
> Nope. I've been running mailman for years now, and it works
> perfectly fine. The owner of the data directory is mailman, and
> the group is mailman.
> ls -lsa /usr/local/mailman/data/
> total 132
> 2 drwxrwsr-x 2 mailman mailman 512 Apr 7 19:47 .
> 2 drwxrwsr-x 20 mailman mailman 512 Nov 28 17:48 ..
> 48 -rw-r--r-- 1 mailman mailman 65536 Sep 6 2005 .db
> 2 -rw-r----- 1 mailman mailman 41 Sep 6 2005 adm.pw
> 6 -rw-r--r-- 1 root mailman 4383 Oct 14 2005 aliases
> 4 -rw-r----- 1 mailman mailman 3984 Sep 8 2005 aliases.bak
> 48 -rw-r----- 1 mailman mailman 49152 May 5 2006 aliases.db
> 0 -rw-rw-rw- 1 mailman mailman 0 Sep 9 2005 bounce-events-00446.pck
> 0 -rw-rw-rw- 1 mailman mailman 0 Sep 9 2005 bounce-events-00449.pck
> 0 -rw-rw-rw- 1 mailman mailman 0 Sep 9 2005 bounce-events-00467.pck
> 0 -rw-rw-rw- 1 mailman mailman 0 Jan 27 2006 bounce-events-00567.pck
> 0 -rw-rw-rw- 1 mailman mailman 0 Oct 13 2005 bounce-events-38840.pck
> 2 -rw-r----- 1 mailman mailman 41 Sep 6 2005 creator.pw
> 2 -rw-r--r-- 1 root mailman 10 Nov 28 17:48 last_mailman_version
> 2 -rw-rw---- 1 mailman mailman 4 Apr 1 08:31 master-qrunner.pid
> 14 -rw-r--r-- 1 root mailman 14114 Nov 28 17:48 sitelist.cfg
I am fairly confident that if that is working for you, then you are
not running with /usr/local/mailman/mail/mailman that was compiled
with the current port with the postfix option set. The mailman
binary has a gid compiled into it (given the current port
WITH_POSTFIX).
Installing the current port WITH_POSTFIX will produce a mailman
binary which will only allow itself to be run by "nobody". Yours
must have "mailman" compiled in where "nobody" is in what I (and
David) get.
[jeffrey at dobby /usr/local/mailman/mail]$ strings mailman | tail
leave
post
owner
request
unsubscribe
Mailman mail-wrapper
nobody
Illegal command: %s
Usage: %s program [args...]
$FreeBSD: src/lib/csu/i386-elf/crtn.S,v 1.6 2005/05/19 07:31:06 dfr Exp $
What is your result on your system? If you get "mailman" where I
have "nobody" then one of my earlier suggestions (change MAIL_GID for
the postfix setting from "nobody" to "mailman" in the port Makefile)
may be the right thing. That is what is most consistent with the
mailman install instructions.
From /usr/local/share/doc/mailman/mailman-install.txt
In section 6.1.1 Integrating Postfix and Mailman
* When you configure Mailman, use the --with-mail-gid=mailman
switch;
However, the current ports Makefile compiles mailman --with-mail-gid=nobody
The same section also says
Make sure that the owner of the data/aliases and data/aliases.db
file is mailman, that the group owner for those files is mailman,
or whatever user and group you used in the configure command, and
that both files are group writable:

% su
% chown mailman:mailman data/aliases*
% chmod g+w data/aliases*
>
> It is the *group* that matters to postfix, *not* the owner. Per
> the pkg-message file:
> Mailman has been installed, but requires further configuration
> before use!
>
> You will have to configure both your MTA (mail server) and web
> server to
> integrate with Mailman. If the port's documentation has been
> installed,
> extensive post-installation instructions may be found in:
>
> %%DOCSDIR%%/FreeBSD-post-install-notes
>
> Note (1): If you use an alternate (non-Sendmail) MTA, you MUST be
> sure
> that the correct value of MAIL_GID was used when this port or package
> was built. Performing a "make options" in the Mailman port directory
> will list required values for various mail servers.
>
> Note that MAIL_GID is what matters. That is the *group* not the
> owner of the files. Note also that the group only has read rights
> to the aliases file, although it does have read/write access to the
> bounce-events files.
However it is the owner of the file containing the pipe alias that
matters to postfix local deliveries. See local(8).
>> So maybe the problem is with check_perms and not with the port at all
>> (well the port would still need to get the aliases files owned by
>> root).
>>
> There's nothing at all wrong with the check_perms script.
I am coming to that conclusion. I now think that my second
suggestion of changing the ports Makefile to set MAIL_GID to mailman
instead of nobody when configuring for postfix is the correct
direction to go.
> mailman owns the aliases db for mailman:
> ls -lsa /usr/local/mailman/data/aliases*
> 6 -rw-r--r-- 1 root mailman 4383 Oct 14 2005 /usr/local/mailman/data/aliases
> 4 -rw-r----- 1 mailman mailman 3984 Sep 8 2005 /usr/local/mailman/data/aliases.bak
> 48 -rw-r----- 1 mailman mailman 49152 May 5 2006 /usr/local/mailman/data/aliases.db
>
> And this is a working setup of mailman and postfix that's been
> running for years.
But I don't believe that that set-up will work with the configure
options that get passed for compiling mailman with the current port.
PORTNAME= mailman
DISTVERSION= 2.1.9
PORTREVISION= 1
CATEGORIES?= mail
Thus, with a bit more confidence than before, I present the same
Makefile diff I recommend:
--- Makefile.orig Fri Apr 20 14:17:08 2007
+++ Makefile Fri Apr 20 23:57:22 2007
@@ -7,7 +7,7 @@
PORTNAME= mailman
DISTVERSION= 2.1.9
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES?= mail
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} \
http://www.list.org/
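Review bot: the PORTREVISION bump from 1 to 2 is warranted, since the change to the default MAIL_GID alters the group name compiled into the mail wrapper, and a WITH_POSTFIX package built before this change keeps refusing to run for group "mailman" until it is rebuilt; the commit message or pkg-message should say that Postfix users must rebuild the port (not just reinstall the package) to pick the new default up.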
@@ -88,7 +88,7 @@
.if defined(WITH_SENDMAIL) || defined(WITH_EXIM3) || defined(WITH_EXIM4)
BROKEN= choose only one MTA integration
.endif
-MAIL_GID?= nobody
+MAIL_GID?= mailman
.endif
.if defined(WITH_CHINESE)
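Review bot: `MAIL_GID?= mailman` only changes the default, so a user who sets MAIL_GID in make.conf or on the command line keeps their value, which is the right behaviour; but the pkg-message Note (1) quoted earlier in this thread tells Postfix users to verify MAIL_GID via "make options", so any OPTIONS description or FreeBSD-post-install-notes text that still names "nobody" for Postfix should be updated in the same commit, and the notes should repeat the mailman-install.txt requirement quoted above that data/aliases* be owned by mailman:mailman and group writable, since a wrapper built with this default will reject a delivery that Postfix hands it under any other group.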
Cheers,
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
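Added example, not part of the thread or of the Mailman port: a small POSIX shell check for the mismatch discussed above. It pulls the group name compiled into the Mailman 2.1 mail wrapper (the string that follows "Mailman mail-wrapper" in the `strings` output shown earlier) and compares it with the group Postfix will give a pipe alias, which, per local(8), is the primary group of the account that owns the aliases file. The function names, the use of a constructed fake "wrapper" for the demo, and the assumption that the group name is stored right after that marker string are mine, not the project's.

```shell
#!/bin/sh
# Added example (not from the original thread or the Mailman port).
# Compares the group compiled into the Mailman mail wrapper
# (--with-mail-gid / MAIL_GID) with the group Postfix local(8) will use
# when it runs a pipe alias: the primary group of the aliases file owner.
# Assumption: in a Mailman 2.1 wrapper the group name is the string that
# immediately follows "Mailman mail-wrapper" (as in the strings(1) output).

# Print the group name compiled into the wrapper binary.
wrapper_gid_name() {
    tr '\0' '\n' < "$1" |
        awk 'found { print; exit } /^Mailman mail-wrapper$/ { found = 1 }'
}

# Print the primary group of the owner of a file: the group Postfix
# local(8) switches to before running a pipe alias from that file.
alias_owner_group() {
    owner=$(ls -ld "$1" | awk '{ print $3 }')
    id -gn "$owner"
}

# Return 0 when wrapper and Postfix agree on the group, 1 otherwise.
check_mail_gid() {
    wrapper=$1
    aliases=$2
    want=$(wrapper_gid_name "$wrapper")
    have=$(alias_owner_group "$aliases")
    if [ -z "$want" ]; then
        echo "no compiled-in group found in $wrapper" >&2
        return 1
    fi
    if [ "$want" = "$have" ]; then
        echo "ok: wrapper expects group '$want', Postfix will run it as group '$have'"
        return 0
    fi
    echo "MISMATCH: wrapper expects group '$want' but Postfix will run it as group '$have'" >&2
    echo "fix: rebuild the port with MAIL_GID=$have, or make $aliases owned by a user whose primary group is $want" >&2
    return 1
}

# Stand-alone demo on constructed input: two fake "wrappers" (only the
# string layout matters, a real one is an ELF binary) and an aliases file
# owned by whoever runs this script.
demo() {
    tmp=$(mktemp -d)
    mygroup=$(id -gn)
    printf 'Mailman mail-wrapper\000nobody\000Illegal command: %%s\000' > "$tmp/mailman.nobody"
    printf 'Mailman mail-wrapper\000%s\000Illegal command: %%s\000' "$mygroup" > "$tmp/mailman.mine"
    : > "$tmp/aliases"
    echo "wrapper built with --with-mail-gid=nobody:"
    check_mail_gid "$tmp/mailman.nobody" "$tmp/aliases"
    echo "wrapper built with --with-mail-gid=$mygroup:"
    check_mail_gid "$tmp/mailman.mine" "$tmp/aliases"
    rm -rf "$tmp"
}

demo
```

On a real box the call is `check_mail_gid /usr/local/mailman/mail/mailman /usr/local/mailman/data/aliases`; a MISMATCH line is the "Group mismatch" failure the thread is about, and the two fixes it prints are the two options debated above: rebuild with a different MAIL_GID, or change the owner of the aliases file.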