Mailman GID problem

Jeffrey Goldberg jeffrey at goldmark.org
Sat Apr 21 14:33:21 UTC 2007


On Apr 21, 2007, at 12:46 AM, Paul Schmehl wrote:

> Clearly that last part is wrong.
> bash-2.05b# ls -lsa /usr/local/mailman/data/aliases*
> 6 -rw-r--r--  1 root     mailman   4383 Oct 14  2005 /usr/local/mailman/data/aliases
> 4 -rw-r-----  1 mailman  mailman   3984 Sep  8  2005 /usr/local/mailman/data/aliases.bak
> 48 -rw-r-----  1 mailman  mailman  49152 May  5  2006 /usr/local/mailman/data/aliases.db
>
> I can't imagine why both files need to be group writeable.  The  
> only time the file is written to (AFAIK) is when you add a mailing  
> list, and mailman owns the file and has write access.  The only  
> time the db is written to is when you run postalias, and you should  
> always run that as root, either directly or through sudo.

Mailman will call postalias itself when you create a new list.  At  
least if it is properly configured for postfix.  In the install from  
ports with the postfix option I have

  POSTFIX_ALIAS_CMD = '/usr/local/sbin/postalias'

in Defaults.py, though I haven't spotted where that is actually called.

>> However it is the owner of the file containing the pipe alias that
>> matters to postfix local deliveries.  See local(8).
>>
> Why?  Postfix only needs read access to know what aliases it needs  
> to deliver to.  I don't see anything in local(8) that says postfix  
> requires ownership of the alias file or the aliases db.

Look in the DELIVERY RIGHTS section of the man page

DELIVERY RIGHTS
    Deliveries to external files and external commands are made with the
    rights of the receiving user on whose behalf the delivery is made.  In
    the absence of a user context, the local(8) daemon uses the owner
    rights of the :include: file or alias database.  When those files are
    owned by the superuser, delivery is made with the rights specified with
    the default_privs configuration parameter.

I discussed that in some earlier post when trying to explain why I
thought the .db files should be owned by root or nobody (the value of
default_privs).


> Now that I've looked at the Makefile, you are correct.

Well, with so many guesses, I had to be close to right on one of them.

> For Postfix it selects nobody which is incorrect.

My guess is that Jean reading the mailman documentation looked for  
what Postfix's equivalent of "mailnull" was and found that it was  
"nobody".

> It should be selecting mailman. However, if you build the port like  
> this: make -DWITH-MAIL-GID=mailman (or use pkgtools.conf as I do),  
> you override the options and the port compiles correctly.

I'm far from grokking the ports and pkg systems.  I guess that the  
pkg install gives you a sort of default mailman which isn't compiled  
for any particular MTA, while the port gave us the opportunity to  
configure for POSTFIX and one bit of that configuration is wrong.

Thanks everyone for putting up with my somewhat long-winded learning  
experience.

Cheers,

-j


-- 
Jeffrey Goldberg                        http://www.goldmark.org/jeff/
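
Added example, not part of the original post and not Mailman or Postfix code: a small Python audit that applies the local(8) DELIVERY RIGHTS rule quoted above to alias database files, reporting which account pipe deliveries would run as and whether the file is group- or world-writable. The function names, the `nobody` default for default_privs, and the temporary sample files are assumptions made for illustration.

```python
import os
import pwd
import stat
import tempfile

def delivery_user(owner_uid, default_privs="nobody"):
    """Account local(8) uses for a pipe alias when there is no user context."""
    if owner_uid == 0:
        return default_privs          # superuser-owned file: default_privs applies
    try:
        return pwd.getpwuid(owner_uid).pw_name   # otherwise: the file's owner
    except KeyError:
        return str(owner_uid)         # uid with no passwd entry

def audit(path, default_privs="nobody"):
    """Report mode, owner, effective delivery account and loose write bits."""
    st = os.stat(path)
    findings = []
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    return {
        "path": path,
        "mode": stat.filemode(st.st_mode),
        "owner_uid": st.st_uid,
        "delivers_as": delivery_user(st.st_uid, default_privs),
        "findings": findings,
    }

def demo():
    """Constructed sample: temporary files standing in for aliases.db."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("aliases.db", 0o640), ("aliases-loose.db", 0o664)):
            p = os.path.join(d, name)
            open(p, "wb").close()
            os.chmod(p, mode)
            results.append(audit(p))
    return results

if __name__ == "__main__":
    # On a real host, pass the actual alias database path and the
    # default_privs value from the Postfix configuration to audit().
    for r in demo():
        print(r["mode"], r["path"], "-> delivers as", r["delivers_as"],
              "|", ", ".join(r["findings"]) or "ok")
```

Anyone who can write to the alias file can add pipe aliases that run as the reported account, which is why the write bits are listed next to it.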


