Date: Fri, 20 Apr 2007 13:44:57 -0500 From: Paul Schmehl <pauls@utdallas.edu> To: Jeffrey Goldberg <jeffrey@goldmark.org>, David Southwell <david@vizion2000.net> Cc: ports@freebsd.org, List_Mailman Org <mailman-users@python.org> Subject: Re: Mailman GID problem Message-ID: <94592079D5FE1208BC6F7D03@utd59514.utdallas.edu> In-Reply-To: <CA436D2A-08D1-4CC9-B300-7FF4E7F929F0@goldmark.org> References: <200704200842.48793.david@vizion2000.net> <CA436D2A-08D1-4CC9-B300-7FF4E7F929F0@goldmark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--==========5ED8810CCD7A05DAC8F8==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
--On Friday, April 20, 2007 11:38:03 -0500 Jeffrey Goldberg=20
<jeffrey@goldmark.org> wrote:
> On Apr 20, 2007, at 10:42 AM, David Southwell wrote:
>
>> Extract from /var/maillog
>> Apr 20 08:24:58 dns1 Mailman mail-wrapper: Group mismatch error.
>> Mailman
>> expected the mail wrapper script to be executed as group "nobody",
>> but the
>> system's mail server executed the mail script as group "mailman". Try
>> tweaking the mail server to run the script as group "nobody", or re-
>> run
>> configure, providing the command line option `--with-mail-
>> gid=3Dmailman'.
>
> I've given a complementary response on the mailman-users list (to which
> I'm also cc'ing this)
>
> Nothing I say below takes away from what I said in that previous post.
> The answers to the questions I've asked would have resolved this problem
> long ago.
>
> There appears to be a bug in the pkg-install file that comes with the
> current mailman port. When one installs (through FreeBSD ports) mailman
> selecting postfix as the MTA, the MAIL_GID correctly gets set to "nobody"
>
> But in the pkg-install script all of the mailman files get set with
>
> echo "---> Creating Mailman directory (/usr/local/mailman)"
> (umask 002 && /bin/mkdir -p "/usr/local/mailman") || exit 1
> /usr/sbin/chown -R "mailman:mailman" "/usr/local/mailman" || exit 1
> /bin/chmod g+s "/usr/local/mailman" || exit 1
>
> Which is correct for everything except for /usr/local/mailman/data which
> should actually be set with
>
> chown -R nobody:mailman /usr/local/mailman/data
>
> I don't know enough about ports to actually find the source pkg-install
> fine (the one I looked at and quoted from is after make has edited it
> with sed). So I'm not certain whether the problem is in the Makefile or
> in the source for the pkg-install.
>
> I experienced the same problem David had just a few weeks ago, but I
> attributed the problem (which I fixed by manually doing the chown) to me
> having moved my mailman set up from one machine to another. So I thought
> that I had the wrong permissions for /usr/local/mailman/data as a
> consequence of the move and not because the mailman FreeBSD port was
> broken.
>
> When I saw some of David's problems I started to have some suspicions,
> but I wasn't able to get enough information from him to really look at
> the ownerships the port set up.
*If* what you say is true, then this should fix it:
--- pkg-install.orig Fri Apr 20 13:42:17 2007
+++ pkg-install Fri Apr 20 13:42:47 2007
@@ -43,6 +43,7 @@
(umask 002 && /bin/mkdir -p "%%MAILMANDIR%%") || exit 1
/usr/sbin/chown -R "%%USER%%:%%GROUP%%" "%%MAILMANDIR%%" || exit 1
/bin/chmod g+s "%%MAILMANDIR%%" || exit 1
+ /usr/sbin/chown -R "nobody" "%%MAILMANDIR%%/data" || exit 1
fi
;;
I haven't tested it, so use it at your own risk.
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
--==========5ED8810CCD7A05DAC8F8==========--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?94592079D5FE1208BC6F7D03>