On 4/26/2010 9:47 AM, Lindsay Haisley wrote: > > I'm not entirely sure of the difference between the --with-groupname and > --with-group-gid, both of which accept a name but have different > functions. I do know that for my server distribution (gentoo Linux) > it's essential that the environment setting which controls the > --with-mail-gid configuration setting match the mail group which the MTA > runs as.
--with-groupname set's Mailman's group. This is the group of the files and directories in Mailman's file tree, and is the group that is able to run mailman's bin commands successfully and access Mailman's Python api. It is the group the qrunners run as. Because you don't want to give the web server user/group and the MTA user/group the ability to access this stuff directly for security reasons, the web server and MTA access Mailman through compiled SETGID wrappers that set the effective GID to Mailman's group (as set by --with-groupname). As an additional security check, these wrappers are compiled to expect to be invoked by a particular group and will issue the group mismatch error if invoked by some other group. The expected MTA group is set by --with-mail-gid and the expected web server group by --with-cgi-gid. See the FAQ at <http://wiki.list.org/x/tYA9> for more. The FAQ refers to Mailman's group as 'mailman' which is the default, but can be changed by the --with-groupname option to configure. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
