Re: [Mailman-Users] Problem with mailman install
LuKreme wrote: On 17-May-2009, at 19:29, Mark Sapiro wrote: See the FAQ at http://wiki.list.org/x/tYA9 to understand more about this error. My confusion about the error is that mailman has ALWAYS been setu for uid/gid mailman, and has been for years and years. Yes, and the mail/mailman wrapper is group mailman and SETGID so that the pipe invoked by the MTA actually runs as effective group mailman and has appropriate access. However, the MTA invokes the pipe as some user:group determined by the MTA which may or may not be mailman. In order to provide some security against just anyone with shell access being able to run the wrapper from the command line, upon invocation the wrapper checks the original group with which the MTA invoked the wrapper, and if it is not the group the wrapper expects, the wrapper issues the group mismatch error. This is all explained in more detail in the FAQ. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Users] Problem with mailman install
On 18-May-2009, at 08:35, Mark Sapiro wrote: In order to provide some security against just anyone with shell access being able to run the wrapper from the command line, upon invocation the wrapper checks the original group with which the MTA invoked the wrapper, and if it is not the group the wrapper expects, the wrapper issues the group mismatch error. This is all explained in more detail in the FAQ. Yes, but the MTA did not change. Recompiling mailman via ports with the same options it had been compiled with before failed (WITH_MAIL_GID=mailman). Restoring from backup (which files are gid mailman) worked. Same permissions on the mailman executable: 14 -rwxr-sr-x 1 root mailman 13661 Jun 8 2007 mail/mailman -- There is a road, no simple highway, between the dawn and the dark of night -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Users] Problem with mailman install
LuKreme wrote: Yes, but the MTA did not change. Recompiling mailman via ports with the same options it had been compiled with before failed (WITH_MAIL_GID=mailman). Restoring from backup (which files are gid mailman) worked. Same permissions on the mailman executable: And the group mismatch error you reported at the start of this thread said Mailman expected the mail wrapper script to be executed as group mailman, but the system's mail server executed the mail script as group nobody. Indicating that yes, the wrapper was compiled WITH_MAIL_GID=mailman, but it should have been compiled WITH_MAIL_GID=nobody. This has nothing to do with the gid of the files. It has to do only with the gid with which the MTA invokes the wrapper. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Users] Problem with mailman install
I have had mailman running for many years now, and have updated it semi regularly over the years (currently 2.1.9). A few days ago, I tried to post a message to a list I host and got: Command died with status 4: /usr/local/mailman/mail/mailman post listname. Command output: No such file or directory I went in and tried to look at the install, but everything appeared to be fine. So I tried to reinstall via portupgrade mailman. After the upgrade completed, I got this error: Command died with status 2: /usr/local/mailman/mail/mailman post gfamily. Command output: Group mismatch error. Mailman expected the mail wrapper script to be executed as group mailman, but the system's mail server executed the mail script as group nobody. This is odd since my current install of mailman has permissions like this: So I tried $ export MM_USERNAME=nobody $ export MM_GROUPNAME=nobody $ export MM_USERID=65534 and made sure that in pkgtools.conf I had 'mail/mailman' = 'WITH_MAIL_GID=nobody', and ran the port install again, only to get the same error. At each step I ran bin/check_perms and nothing was wrong. Finally I just went into my backups and restored /usr/local/mailman with a cp -rp and now everything works (except ports thinks I have version 2.1.11) So, for future reference, what SHOULD I have done? And does anyone know how to tell ports I have 2.1.9 instead of 2.1.11? -- Do not meddle in the affairs of Dragons for you are crunchy and taste good with ketchup -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Users] Problem with mailman install
[oops, left something out] This is odd since my current install of mailman has permissions like this: 8 -rwxr-xr-x 1 rootmailman 7622 Jun 8 2007 add_members 6 -rwxr-xr-x 1 rootmailman 6008 Jun 8 2007 arch 4 -rwxr-xr-x 1 rootmailman 2569 Jun 8 2007 b4b5-archfix mailman was compiled on my system with GID mailman, but trying to setup 2.1.11 with the same build options fails, so assuming I upgrade at some point, how do I get this to work? -- Do not meddle in the affairs of Dragons for you are crunchy and taste good with ketchup -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Users] Problem with mailman install
LuKreme wrote: A few days ago, I tried to post a message to a list I host and got: Command died with status 4: /usr/local/mailman/mail/mailman post listname. Command output: No such file or directory status 4 means the execve that runs python returned. The no such file or directory can refer to either /usr/local/mailman/mail/mailman or to the path to Python that the mail wrapper is using. I went in and tried to look at the install, but everything appeared to be fine. So I tried to reinstall via portupgrade mailman. After the upgrade completed, I got this error: Command died with status 2: /usr/local/mailman/mail/mailman post gfamily. Command output: Group mismatch error. Mailman expected the mail wrapper script to be executed as group mailman, but the system's mail server executed the mail script as group nobody. This is odd since my current install of mailman has permissions like this: See the FAQ at http://wiki.list.org/x/tYA9 to understand more about this error. So I tried $ export MM_USERNAME=nobody $ export MM_GROUPNAME=nobody $ export MM_USERID=65534 and made sure that in pkgtools.conf I had 'mail/mailman' = 'WITH_MAIL_GID=nobody', and ran the port install again, only to get the same error. At each step I ran bin/check_perms and nothing was wrong. I can't help you much with all this package specific stuff. You might be better off asking for help using resources specific to the package you are installing. My guess is that the 'WITH_MAIL_GID=nobody' change should have fixed the group mismatch problem, particularly if the prior setting was 'WITH_MAIL_GID=mailman'. Possibly the environment changes messed this up somehow. Finally I just went into my backups and restored /usr/local/mailman with a cp -rp and now everything works (except ports thinks I have version 2.1.11) So, for future reference, what SHOULD I have done? And does anyone know how to tell ports I have 2.1.9 instead of 2.1.11? If you have a file named last_mailman_version in Mailman's data/ directory, it probably has contents 0x2010bf0 If so, change the contents to 0x20109f0 I don't know what you SHOULD have done to fix the original problem, since I don't know what the underlying cause was. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Users] Problem with mailman install
On 17-May-2009, at 19:29, Mark Sapiro wrote: status 4: /usr/local/mailman/mail/mailman post listname. Command output: No such file or directory status 4 means the execve that runs python returned. The no such file or directory can refer to either /usr/local/mailman/mail/mailman or to the path to Python that the mail wrapper is using. Very odd, the path was there, the executable was there, permissions where right, and python appeared to be running. I certainly didn't do anything to change python's settings either before or after. See the FAQ at http://wiki.list.org/x/tYA9 to understand more about this error. My confusion about the error is that mailman has ALWAYS been setu for uid/gid mailman, and has been for years and years. If you have a file named last_mailman_version in Mailman's data/ directory, it probably has contents 0x2010bf0 If so, change the contents to 0x20109f0 That file has the right info, it's just the ports DB that is off since I replaced the install from backups 'behind its back'. -- What are you, Ghouls? There are no dead students here. This week. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
