Mailman GID problem

Paul Schmehl pauls at utdallas.edu
Sat Apr 21 05:47:03 UTC 2007


--On April 20, 2007 11:59:46 PM -0500 Jeffrey Goldberg 
<jeffrey at goldmark.org> wrote:
>
> I am fairly confident that if that is working for you, then you are not
> running with /usr/local/mailman/mail/mailman that was compiled with the
> current port with the postfix option set.  The binary mailman has a gid
> compiled into it.  Given the current port WITH_POSTFIX.
>
bash-2.05b# uname -a
FreeBSD mail.stovebolt.com 5.4-SECURITY FreeBSD 5.4-SECURITY #0: Tue Apr 18 06:15:11 UTC 2006
bash-2.05b# pkg_info mailman*
Information for mailman-2.1.9_1:

bash-2.05b# less /usr/ports/mail/mailman/distinfo
MD5 (mailman/mailman-2.1.9.tgz) = dd51472470f9eafb04f64da372444835
SHA256 (mailman/mailman-2.1.9.tgz) = 1b7a2c853c21bfd22205167dc3678c634a3f981721d95d1cd923ca84967cc986
SIZE (mailman/mailman-2.1.9.tgz) = 7829201

Looks like I'm current.  I build everything from ports.  I've never 
installed a package.  Ever.

> Installing the current port WITH_POSTFIX will produce a mailman binary
> which will only allow itself to be run by "nobody".  Yours must have
> "mailman" compiled in where "nobody" is in what I (and David) get.
>
> [jeffrey at dobby /usr/local/mailman/mail]$ strings mailman | tail
> leave
> post
> owner
> request
> unsubscribe
> Mailman mail-wrapper
> nobody
> Illegal command: %s
> Usage: %s program [args...]
> $FreeBSD: src/lib/csu/i386-elf/crtn.S,v 1.6 2005/05/19 07:31:06 dfr Exp $
>
bash-2.05b# strings /usr/local/mailman/mail/mailman | tail
join
leave
post
owner
request
unsubscribe
Mailman mail-wrapper
Illegal command: %s
Usage: %s program [args...]
$FreeBSD: src/lib/csu/i386-elf/crtn.S,v 1.5 2002/05/15 04:19:49 obrien Exp $
>
> What is your result on your system?  If you get "mailman" where I have
> "nobody" then one of my earlier suggestions (change MAIL_GID for the
> postfix setting from "nobody" to "mailman" in the port Makefile) may be
> the right thing.  That is what is most consistent with the mailman
> install instructions.
>
bash-2.05b# strings /usr/local/mailman/mail/mailman | grep nobody
bash-2.05b# strings /usr/local/mailman/mail/mailman | grep mailman
/usr/local/mailman
/usr/local/mailman/scripts/

>  From /usr/local/share/doc/mailman/mailman-install.txt
>
>   In section  6.1.1 Integrating Postfix and Mailman
>
>
>     * When you configure Mailman, use the --with-mail-gid=mailman
>       switch;
>
> However, the current ports Makefile compiles mailman
> --with-mail-gid=nobody
>
I don't build mailman that way.  I use pkgtools.conf.

bash-2.05b# grep -C2 mailman /usr/local/etc/pkgtools.conf

  MAKE_ARGS = {
        # Preset mailman so it will compile with the right group
        'mail/mailman' => 'MAIL_GID=mailman'
  }

> The same section also says
>
>         Make sure that the owner of the data/aliases and data/aliases.db
>         file is mailman, that the group owner for those files is mailman,
>         or whatever user and group you used in the configure command, and
>         that both files are group writable:
>         % su
>         % chown mailman:mailman data/aliases*
>         % chmod g+w data/aliases*
>
Clearly that last part is wrong.
bash-2.05b# ls -lsa /usr/local/mailman/data/aliases*
 6 -rw-r--r--  1 root     mailman   4383 Oct 14  2005 /usr/local/mailman/data/aliases
 4 -rw-r-----  1 mailman  mailman   3984 Sep  8  2005 /usr/local/mailman/data/aliases.bak
48 -rw-r-----  1 mailman  mailman  49152 May  5  2006 /usr/local/mailman/data/aliases.db

I can't imagine why both files need to be group writable.  The only time 
the file is written to (AFAIK) is when you add a mailing list, and mailman 
owns the file and has write access.  The only time the db is written to is 
when you run postalias, and you should always run that as root, either 
directly or through sudo.
>
> However it is the owner of the file containing the pipe alias that
> matters to postfix local deliveries.  See local(8).
>
Why?  Postfix only needs read access to know what aliases it needs to 
deliver to.  I don't see anything in local(8) that says postfix requires 
ownership of the alias file or the aliases db.

>> There's nothing at all wrong with the check_perms script.
>
> I am coming to that conclusion.  I now think that my second suggestion
> of changing the ports Makefile to set MAIL_GID to mailman instead of
> nobody when configuring for postfix is the correct direction to go.
>
Isn't that what the --with-mail-gid= is supposed to do?
>
> But I don't believe that that set-up will work with the configure
> options that get passed for compiling mailman with the current port.
>
> PORTNAME=       mailman
> DISTVERSION=    2.1.9
> PORTREVISION=   1
> CATEGORIES?=    mail
>

OK.

> Thus, with a bit more confidence than before I present the same Makefile
> diff I recommend:
>
> --- Makefile.orig       Fri Apr 20 14:17:08 2007
> +++ Makefile    Fri Apr 20 23:57:22 2007
> @@ -7,7 +7,7 @@
> PORTNAME=      mailman
> DISTVERSION=   2.1.9
> -PORTREVISION=  1
> +PORTREVISION=  2
> CATEGORIES?=   mail
> MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE} \
>                  http://www.list.org/
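Review bot: the PORTREVISION bump is warranted here because the default MAIL_GID compiled into the installed mail wrapper changes for WITH_POSTFIX builds, but the commit message should say so explicitly: existing Postfix installs built with the old "nobody" default need to rebuild the port and re-check the group owner of data/aliases, since the rebuilt wrapper will only accept invocations from the new group.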
> @@ -88,7 +88,7 @@
> .if defined(WITH_SENDMAIL) || defined(WITH_EXIM3) || defined(WITH_EXIM4)
> BROKEN=        choose only one MTA integration
> .endif
> -MAIL_GID?=     nobody
> +MAIL_GID?=     mailman
> .endif
> .if defined(WITH_CHINESE)
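Review bot: because the assignment is `MAIL_GID?=`, this hunk only changes the default, so anyone already passing MAIL_GID=mailman on the make command line or through pkgtools.conf is unaffected; the hunk does not show the enclosing conditional, so confirm that the `.endif` after `+MAIL_GID?=     mailman` closes the WITH_POSTFIX branch and that the sendmail/exim branches keep their own MAIL_GID defaults. The group compiled in here must also match the group Postfix runs the pipe alias with, which per local(8) follows from the owner of the alias file, so the port's install notes should tell the admin to set the ownership of data/aliases accordingly.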
>
Now that I've looked at the Makefile, you are correct.  For Postfix it 
selects nobody which is incorrect.  It should be selecting mailman. 
However, if you build the port like this: make -DWITH-MAIL-GID=mailman (or 
use pkgtools.conf as I do), you override the options and the port compiles 
correctly.

Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
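The thread turns on two facts that have to agree: the group compiled into Mailman's mail wrapper (MAIL_GID, i.e. --with-mail-gid) and the group owner of the alias file that Postfix local(8) consults when it runs the pipe alias. The script below is an added example, not part of the mailing list post or of the Mailman port; it reports, for each alias file given, the group owner and whether the group write bit is set, and exits non-zero when any file's group differs from the expected MAIL_GID. The paths in the usage comment are assumed from the thread.

```sh
#!/bin/sh
# Added example (not from the thread): check that the group owner of each
# Mailman alias file matches the group compiled into the mail wrapper
# (MAIL_GID / --with-mail-gid).  Postfix local(8) runs a pipe alias with the
# rights of the alias file's owner, and the wrapper refuses any other group.

# file_group FILE: print the group owner of FILE, parsed from `ls -ld` so it
# behaves the same on BSD and GNU userlands.
file_group() {
    ls -ld "$1" | awk '{ print $4 }'
}

# group_writable FILE: exit 0 when the group write bit is set on FILE.
# Column 6 of the `ls -l` mode string (-rw-rw-r--) is the group write bit.
group_writable() {
    [ "$(ls -ld "$1" | cut -c6)" = "w" ]
}

# check_mail_gid EXPECTED_GROUP FILE...: print one status line per file and
# return 1 if any file is missing or its group owner is not EXPECTED_GROUP.
check_mail_gid() {
    expected=$1
    shift
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            printf 'MISSING  %s\n' "$f"
            rc=1
            continue
        fi
        g=$(file_group "$f")
        if group_writable "$f"; then gw="g+w"; else gw="g-w"; fi
        if [ "$g" = "$expected" ]; then
            printf 'OK       %s group=%s %s\n' "$f" "$g" "$gw"
        else
            printf 'MISMATCH %s group=%s expected=%s %s\n' "$f" "$g" "$expected" "$gw"
            rc=1
        fi
    done
    return $rc
}

# Typical invocation on the FreeBSD box from the thread (paths assumed):
#   check_mail_gid mailman /usr/local/mailman/data/aliases \
#                          /usr/local/mailman/data/aliases.db
```

Run it with the group you actually compiled the port with (mailman when MAIL_GID=mailman was passed, nobody for an unmodified WITH_POSTFIX build); a MISMATCH line on data/aliases is the condition under which the wrapper and Postfix disagree about the group, whatever check_perms says about the rest of the tree.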

