Date: Sat, 21 Apr 2007 00:46:59 -0500
From: Paul Schmehl
To: Jeffrey Goldberg
Cc: ports@freebsd.org, Jean Milanez Melo
Subject: Re: Mailman GID problem

--On April 20, 2007 11:59:46 PM -0500 Jeffrey Goldberg wrote:

>
> I am fairly confident that if that is working for you, then you are not
> running with /usr/local/mailman/mail/mailman that was compiled with the
> current port with the postfix option set. The binary mailman has a gid
> compiled into it. Given the current port WITH_POSTFIX.
>

bash-2.05b# uname -a
FreeBSD mail.stovebolt.com 5.4-SECURITY FreeBSD 5.4-SECURITY #0: Tue Apr 18 06:15:11 UTC 2006
bash-2.05b# pkg_info mailman*
Information for mailman-2.1.9_1:
bash-2.05b# less /usr/ports/mail/mailman/distinfo
MD5 (mailman/mailman-2.1.9.tgz) = dd51472470f9eafb04f64da372444835
SHA256 (mailman/mailman-2.1.9.tgz) = 1b7a2c853c21bfd22205167dc3678c634a3f981721d95d1cd923ca84967cc986
SIZE (mailman/mailman-2.1.9.tgz) = 7829201

Looks like I'm current. I build everything from ports.
I've never installed a package. Ever.

> Installing the current port WITH_POSTFIX will produce a mailman binary
> which will only allow itself to be run by "nobody". Yours must have
> "mailman" compiled in where "nobody" is in what I (and David) get.
>
> [jeffrey@dobby /usr/local/mailman/mail]$ strings mailman | tail
> leave
> post
> owner
> request
> unsubscribe
> Mailman mail-wrapper
> nobody
> Illegal command: %s
> Usage: %s program [args...]
> $FreeBSD: src/lib/csu/i386-elf/crtn.S,v 1.6 2005/05/19 07:31:06 dfr Exp $
>

bash-2.05b# strings /usr/local/mailman/mail/mailman | tail
join
leave
post
owner
request
unsubscribe
Mailman mail-wrapper
Illegal command: %s
Usage: %s program [args...]
$FreeBSD: src/lib/csu/i386-elf/crtn.S,v 1.5 2002/05/15 04:19:49 obrien Exp $

>
> What is your result on your system? If you get "mailman" where I have
> "nobody" then one of my earlier suggestions (change MAIL_GID for the
> postfix setting from "nobody" to "mailman" in the port Makefile) may be
> the right thing. That is what is most consistent with the mailman
> install instructions.
>

bash-2.05b# strings /usr/local/mailman/mail/mailman | grep nobody
bash-2.05b# strings /usr/local/mailman/mail/mailman | grep mailman
/usr/local/mailman
/usr/local/mailman/scripts/

> From /usr/local/share/doc/mailman/mailman-install.txt
>
> In section 6.1.1 Integrating Postfix and Mailman
>
>
> * When you configure Mailman, use the --with-mail-gid=mailman
> switch;
>
> However, the current ports Makefile compiles mailman
> --with-mail-gid=nobody
>

I don't build mailman that way. I use pkgtools.conf.
bash-2.05b# grep -C2 mailman /usr/local/etc/pkgtools.conf
  MAKE_ARGS = {
        # Preset mailman so it will compile with the right group
        'mail/mailman' => 'MAIL_GID=mailman'
  }

> The same section also says
>
> Make sure that the owner of the data/aliases and data/aliases.db
> file is mailman, that the group owner for those files is mailman,
> or whatever user and group you used in the configure command, and
> that both files are group writable:
> % su
> % chown mailman:mailman data/aliases*
> % chmod g+w data/aliases*
>

Clearly that last part is wrong.

bash-2.05b# ls -lsa /usr/local/mailman/data/aliases*
 6 -rw-r--r--  1 root     mailman   4383 Oct 14  2005 /usr/local/mailman/data/aliases
 4 -rw-r-----  1 mailman  mailman   3984 Sep  8  2005 /usr/local/mailman/data/aliases.bak
48 -rw-r-----  1 mailman  mailman  49152 May  5  2006 /usr/local/mailman/data/aliases.db

I can't imagine why both files need to be group writeable. The only time the file is written to (AFAIK) is when you add a mailing list, and mailman owns the file and has write access. The only time the db is written to is when you run postalias, and you should always run that as root, either directly or through sudo.

>
> However it is the owner of the file containing the pipe alias that
> matters to postfix local deliveries. See local(8).
>

Why? Postfix only needs read access to know what aliases it needs to deliver to. I don't see anything in local(8) that says postfix requires ownership of the alias file or the aliases db.

>> There's nothing at all wrong with the check_perms script.
>
> I am coming to that conclusion. I now think that my second suggestion
> of changing the ports Makefile to set MAIL_GID to mailman instead of
> nobody when configuring for postfix is the correct direction to go.
>

Isn't that what the --with-mail-gid= is supposed to do?

>
> But I don't believe that that set-up will work with the configure
> options that get passed for compiling mailman with the current port.
>
> PORTNAME= mailman
> DISTVERSION= 2.1.9
> PORTREVISION= 1
> CATEGORIES?= mail
>

OK.

> Thus, with a bit more confidence than before I present the same Makefile
> diff I recommend:
>
> --- Makefile.orig Fri Apr 20 14:17:08 2007 > +++ Makefile Fri Apr 20 23:57:22 2007 > @@ -7,7 +7,7 @@ > PORTNAME=3D mailman > DISTVERSION=3D 2.1.9 > -PORTREVISION=3D 1 > +PORTREVISION=3D 2 > CATEGORIES?=3D mail > MASTER_SITES=3D ${MASTER_SITE_SOURCEFORGE} \ > http://www.list.org/ > @@ -88,7 +88,7 @@ > .if defined(WITH_SENDMAIL) || defined(WITH_EXIM3) || defined(WITH_EXIM4) > BROKEN=3D choose only one MTA integration > .endif > -MAIL_GID?=3D nobody > +MAIL_GID?=3D mailman > .endif > .if defined(WITH_CHINESE)
>

Now that I've looked at the Makefile, you are correct. For Postfix it selects nobody which is incorrect. It should be selecting mailman. However, if you build the port like this: make -DWITH-MAIL-GID=mailman (or use pkgtools.conf as I do), you override the options and the port compiles correctly.

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
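
Review bot: In the second hunk of the quoted diff (@@ -88,7 +88,7 @@), the new default "MAIL_GID?= mailman" changes the group compiled into the mail wrapper for every Postfix build, but nothing in the patch tells someone upgrading from PORTREVISION 1 that the expected group has moved from nobody to mailman. I would add a comment above the assignment pointing at section 6.1.1 of mailman-install.txt (--with-mail-gid=mailman) and a note for upgraders that the owner of data/aliases and data/aliases.db has to match, since an install that was set up around the old default will otherwise start failing deliveries after the rebuild. Keeping "?=" rather than "=" is right, because it lets an explicit MAIL_GID setting (such as the pkgtools.conf entry shown in this thread) still take precedence. The PORTREVISION bump in the first hunk is appropriate given that the built binary changes.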
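
An added example, not part of the original message or of the port: a POSIX shell version of the two checks this thread does by hand, finding which group name is stored in the mail wrapper and checking who owns the alias files. The function names wrapper_group and audit_aliases are hypothetical, and the candidate group names are supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread. wrapper_group and audit_aliases are
# hypothetical helper names; all paths are passed in by the caller.

# Report which candidate group name is stored in the mail wrapper as a
# standalone NUL-delimited string (what "strings mailman | tail" shows by eye).
# Prints "unknown" when no candidate stands alone, which is the situation in
# the second strings output quoted in the thread.
wrapper_group() {
    wrapper=$1
    shift
    for g in "$@"; do
        if tr '\0' '\n' < "$wrapper" | LC_ALL=C grep -q -x -F -- "$g"; then
            echo "$g"
            return 0
        fi
    done
    echo unknown
}

# Check that data/aliases and data/aliases.db exist and belong to the expected
# owner (login name or numeric uid), and note whether group write is set.
# Returns non-zero if a file is missing or has a different owner.
audit_aliases() {
    dir=$1
    owner=$2
    rc=0
    for f in "$dir/aliases" "$dir/aliases.db"; do
        if [ ! -e "$f" ]; then
            echo "MISSING  $f"; rc=1; continue
        fi
        if [ -z "$(find "$f" -prune -user "$owner" 2>/dev/null)" ]; then
            echo "OWNER    $f is not owned by $owner"; rc=1
        fi
        if [ -n "$(find "$f" -prune -perm -020)" ]; then
            echo "INFO     $f is group writable"
        fi
    done
    return "$rc"
}
```

With the paths used in this thread, the calls would be wrapper_group /usr/local/mailman/mail/mailman nobody mailman and audit_aliases /usr/local/mailman/data mailman.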