Your message dated Sun, 18 Mar 2012 13:33:00 +0000
with message-id <[email protected]>
and subject line Bug#653766: fixed in mailman 1:2.1.14-4
has caused the Debian Bug report #653766,
regarding mailman: Unable to rotate logs after logrotate 3.8.0.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
653766: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653766
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mailman
Version: 1:2.1.14-3
Severity: normal
Dear Maintainer,
Upgrading logrotate to 3.8.0 or later causes the mailman logrotate config to
fail because /var/log/mailman is writable by the list group. The error is:
error: skipping "/var/log/mailman/vette" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set
"su" directive in config file to tell logrotate which user/group should be
used for rotation.
Adding "su list list" to /etc/logrotate.d/mailman (see below) results in this
error:
Traceback (most recent call last):
File "/usr/lib/mailman/bin/mailmanctl", line 555, in <module>
main()
File "/usr/lib/mailman/bin/mailmanctl", line 341, in main
check_privs()
File "/usr/lib/mailman/bin/mailmanctl", line 296, in check_privs
os.setgroups(groups)
OSError: [Errno 1] Operation not permitted
It looks like mailmanctl thinks it's running as root (check_privs uses
os.getuid) but it isn't so os.setgroups fails.
Running mailmanctl with -u, or using os.geteuid in check_privs, solves this
problem. (Perhaps a bug should be reported against mailmanctl?)
There's still an error on creating /var/log/mailman/mischief because its group
is www-data. I'm not sure how necessary that is or the implications of adding
the list user to the www-data group.
Thanks!
Dave
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.1.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages mailman depends on:
ii apache2 2.2.21-3
ii apache2-mpm-worker [httpd] 2.2.21-3
ii cron 3.0pl1-120
ii debconf [debconf-2.0] 1.5.41
ii libc6 2.13-23
ii logrotate 3.8.1-1
ii lsb-base 3.2-28
ii pwgen 2.06-1+b1
ii python 2.7.2-9
ii ucf 3.0025+nmu2
Versions of packages mailman recommends:
ii exim4 4.77-1
ii exim4-daemon-light [mail-transport-agent] 4.77-1+b1
Versions of packages mailman suggests:
pn listadmin <none>
pn lynx <none>
pn spamassassin <none>
-- Configuration Files:
/etc/logrotate.d/mailman changed:
/var/log/mailman/vette /var/log/mailman/error /var/log/mailman/bounce {
su list list
weekly
missingok
create 0664 list list
rotate 4
compress
delaycompress
sharedscripts
postrotate
[ -f '/var/run/mailman/mailman.pid' ] &&
/usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
endscript
}
/var/log/mailman/mischief {
su list list
monthly
missingok
create 0664 list www-data
rotate 4
compress
delaycompress
sharedscripts
postrotate
[ -f '/var/run/mailman/mailman.pid' ] &&
/usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
endscript
}
/var/log/mailman/digest {
su list list
monthly
missingok
create 0664 list list
rotate 4
compress
delaycompress
sharedscripts
postrotate
[ -f '/var/run/mailman/mailman.pid' ] &&
/usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
endscript
}
/var/log/mailman/subscribe /var/log/mailman/post {
su list list
monthly
missingok
create 0664 list list
rotate 12
compress
delaycompress
sharedscripts
postrotate
[ -f '/var/run/mailman/mailman.pid' ] &&
/usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
endscript
}
/var/log/mailman/qrunner /var/log/mailman/fromusenet /var/log/mailman/locks
/var/log/mailman/smtp /var/log/mailman/smtp-failure {
su list list
daily
missingok
create 0664 list list
rotate 7
compress
delaycompress
sharedscripts
postrotate
[ -f '/var/run/mailman/mailman.pid' ] &&
/usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
endscript
}
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: mailman
Source-Version: 1:2.1.14-4
We believe that the bug you reported is fixed in the latest version of
mailman, which is due to be installed in the Debian FTP archive:
mailman_2.1.14-4.debian.tar.gz
to main/m/mailman/mailman_2.1.14-4.debian.tar.gz
mailman_2.1.14-4.dsc
to main/m/mailman/mailman_2.1.14-4.dsc
mailman_2.1.14-4_amd64.deb
to main/m/mailman/mailman_2.1.14-4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <[email protected]> (supplier of updated mailman package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 18 Mar 2012 14:12:49 +0100
Source: mailman
Binary: mailman
Architecture: source amd64
Version: 1:2.1.14-4
Distribution: unstable
Urgency: low
Maintainer: Mailman for Debian <[email protected]>
Changed-By: Thijs Kinkhorst <[email protected]>
Description:
mailman - Powerful, web-based mailing list manager
Closes: 653766 655837 659467 663590
Changes:
mailman (1:2.1.14-4) unstable; urgency=low
.
* Ensure CPPFLAGS and LDFLAGS are actually used during build,
thanks Simon Ruderich for the patch! (closes: #663590)
Additionally, enable all available hardening features.
* Checked for policy 3.9.3, add DEP3 patch headers.
* Add Danish debconf translation, thanks Joe Dalton (closes: #659467).
* Add 'su root list' statements to logrotate config, to cope
with logrotate >= 3.8; thanks Joël Bertrand (closes: #653766).
* Avoid config file prompt for mailman crontab entry if this
file was unmodified (closes: #655837).
Checksums-Sha1:
b86ff0c9a4dd9a88f2537ae7a07716b843cb6c3d 1689 mailman_2.1.14-4.dsc
d4d4921edc8c37ee7c5f9484b0e6548c0488e477 104676 mailman_2.1.14-4.debian.tar.gz
f193f32f1b68bb17ef1813f1c5bb28fc17558227 9736602 mailman_2.1.14-4_amd64.deb
Checksums-Sha256:
4b9d4cebae152f64006cf7d35cbcda6643ea6d24bc73338fb01ebb4361342228 1689
mailman_2.1.14-4.dsc
4c26e233776ae2be2b1f0e7b040ff81a350afd4fa41061704a6b74371bec0ad4 104676
mailman_2.1.14-4.debian.tar.gz
456fe448db5d6773875f59d49e715d519cb481fc12b263c580752943dc26068e 9736602
mailman_2.1.14-4_amd64.deb
Files:
141661e8abff53a4312d0e343c9c892f 1689 mail optional mailman_2.1.14-4.dsc
ae534ea00fc5a5c02c200f59e1d18780 104676 mail optional
mailman_2.1.14-4.debian.tar.gz
76da89384e5e258b5983a87e6e71ed06 9736602 mail optional
mailman_2.1.14-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJPZeF0AAoJEOxfUAG2iX57KIQH/0NvBe5UhgquYz7Z9+oG1O4R
zTlQvyE4/DdvHo311rJzN9DJbXv8oMng2mhYB+BVLQUkEJIJtq+tOZg44a5SDJh3
1P0nzECFy7WJFgCRDjLTUVABySNErKMdB14zW9ZIE3NN4oE05PhXebF1zI9/3JyB
PpEI8UILAbxygotor3OTRH6pgLHJvyp+4CK9mUgm+uycUFOomdWwVuPVZYSMrzrO
3D/IZXVgFf3Wha9eKldDO9n4JNvNqqXYHOT68PqMq/KvrVIdzcAak0QpknUrtxWa
IIxrOnvsNP2X/MXwonkl8/ee8IlYP9E0VknVtfNF/UvjFHV9lGcUMqrWQE6GHQ8=
=v9F1
-----END PGP SIGNATURE-----
--- End Message ---
