LuKreme wrote: >I tried to send a message to a low-traffic announce-list which failed:
Are other lists working? >Mailman mail-wrapper: Group mismatch error. Mailman expected the mail wrapper >script to be executed as group "mailman", but the system's mail server >executed the mail script as group "nobody". Try tweaking the mail server to >run the script as group "mailman", or re-run configure, providing the command >line option `--with-mail-gid=nobody'. > >So I go to the /usr/ports/mail/mailman/ directory to build mailman 'by hand' >so to speak: > > $ export MM_USERNAME=nobody > $ export MM_GROUPNAME=nobody > $ export MM_USERID=65534 > $ make install >===> Installing for mailman-2.1.12 >===> mailman-2.1.12 depends on file: /usr/local/bin/python2.5 - found >---> Starting install script: >---> Using existing group "nobody" >---> Using existing user "nobody" >---> Using existing Mailman directory (/usr/local/mailman) > (There may be existing active mailing lists - this installation will > attempt to preserve them.) >===> Generating temporary packing list > > >etc etc Which may or may not have any effect on this depending on how your package installation works. > $ /usr/local/etc/rc.d/mailman start > $ > >Try to send another message, and I get the exact same error. > >Apr 24 09:26:44 mail Mailman mail-wrapper: Group mismatch error. Mailman >expected the mail wrapper script to be executed as group "mailman", but the >system's mail server executed the mail script as group "nobody". Try tweaking >the mail server to run the script as group "mailman", or re-run configure, >providing the command line option `--with-mail-gid=nobody'. > >Now /etc/postfix/aliases.db (where all the aliases for mailman have been since >at least 2004) is owned by root, and man 8 local says: > > When those files are > owned by the superuser, delivery is made with the rights specified with > the default_privs configuration parameter. > >and the default for default_privs is nobody, which is what postfix is doing. > >So, if mailman is built as above using group and user nobody why is it >claiming it expected the wrapper to be run as mailman? Ask your packager. >As far as I can tell, postfix is doing what it is supposed to, but mailman >somewhere has a user mailman in it that it thinks should be being used. Where >this is and why I cannot figure out. > >All the mailman processes are running as 'nobody' Which pretty much defeats Mailman's security model. >So, I went and grabbed the source and read up on ><http://www.gnu.org/software/mailman/mailman-install/node7.html> > >~/src/mailman-2.1.13 $ ./configure --with-username=nobody >--with-mail-gid=nobody --with-group-name=nobody >configure: WARNING: you should use --build, --host, --target This is very strange. When I run the above command in a freshly unpacked 2.1.13 tarball directory (with 2.5 python), I get: [msap...@msapiro ...2.1.13/mailman-2.1.13]$ ./configure --with-username=nobody --with-mail-gid=nobody --with-group-name=nobody configure: WARNING: unrecognized options: --with-group-name Because it's spelled --with-groupname checking for --with-python... no ... >checking for --with-python... no >checking for python... /usr/local/bin/python >checking Python interpreter... /usr/local/bin/python >checking Python version... 2.5.5 >checking Python's email package... ok >checking Japanese codecs... ok >checking Korean codecs... ok >checking that Python has a working distutils... yes >checking for a BSD-compatible install... /usr/bin/install -c >checking whether make sets $(MAKE)... yes >checking for true... /usr/bin/true >checking for --without-gcc... no >checking for gcc... gcc >checking for C compiler default output file name... a.out >checking whether the C compiler works... yes >checking whether we are cross compiling... no >checking for suffix of executables... >checking for suffix of object files... o >checking whether we are using the GNU C compiler... yes >checking whether gcc accepts -g... yes >checking for gcc option to accept ISO C89... none needed >checking whether #! works in shell scripts... yes >checking for --with-var-prefix... no >checking for --with-permcheck... yes >checking for --with-username... mailman >checking for user name "mailman"... okay >checking for --with-groupname... mailman >checking for group name "mailman"... okay >... > >it completely ignores the flags (this is 2.1.13 downloaded a today from >ftp://ftp.gnu.org/gnu/mailman/mailman-2.1.13.tgz ). Well, it ignores --with-group-name because it's misspelled, but it should issue a warning about that. Could there be something in your environment that's affecting this? Or your shell? What shell is invoked by /bin/sh? >and even if you try to make at that point, there is no Makefile Are you saying configure completes and makes a config.status and runs that and there is no Makefile after that? Really strange... >so, now what? What portion of mailman is expecting a gid of mailman? Since >mailman seems to be totally insistent on running as mailman, I wen ahead and >split the aliases out into a separate file and gave them the right permissions > > $ chown mailman /usr/local/mailman/data/aliases.db > >In the manual it say: > >Run the bin/genaliases script to initialize your aliases file. > % cd /usr/local/mailman > % bin/genaliases > > >Make sure that the owner of the data/aliases and data/aliases.db file is >mailman, that the group owner for those files is mailman, or whatever user and >group you used in the configure command, and that both files are group >writable: > >However, when I run bin/genaliases I get: > >To finish creating your mailing list, you must edit your /etc/aliases (or >equivalent) file by adding the following lines, and possibly running the >`newaliases' program: > >followed by a list of all the aliases. Because you don't have MTA= 'Postfix' in mm_cfg.py. >There are no files in data/ named anything like alias > > /usr/local/mailman $ ls -ls data/ >total 20 > 2 -rw-r----- 1 root nobody 41 May 30 2009 adm.pw > 2 -rw-r--r-- 1 root nobody 10 Apr 24 10:30 last_mailman_version > 2 -rw-rw---- 1 nobody nobody 6 Apr 24 10:36 master-qrunner.pid >14 -rw-r--r-- 1 root nobody 14100 Apr 24 10:32 sitelist.cfg > >But I created one, ran postalias on it, changed the permissions as noted >above, and it STILL fails with the same error. Maybe because you still have aliases in /etc/postfix/aliases.db which is what is being used by postfix unless you added hash:/usr/local/mailman/data/aliases to Postfix alias_maps ahead of hash:/etc/postfix/aliases. Note that the expected group (mailman) is compiled into the mailman/mail/mailman wrapper (from configure's --with-mail-gid) in standard Mailman. I don't know how to set it in your package. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
