On 14 June 2011 21:02, Olli Hauer <oha...@freebsd.org> wrote:
> On 2011-06-14 20:43, Chris Rees wrote:
>> Hi all,
>>
>> Before I say anything else, please _do not_ bother wxs@ on this
>> subject -- any problems to do with ownership/groups in mailman should
>> be sent to me -- it's my mess!
>>
>> I fixed mailman recently to not touch PREFIX before the install phase,
>> which opened up a small can of worms in itself -- a fix is waiting for
>> approval.
>>
>> The PR at [1] states that the value for MAIL_GROUP for using mailman
>> with Postfix should be nobody, but [2] talks about that being wrong.
>>
>> Before I revert the MAIL_GID=nobody change (I have had private mail
>> explaining that it is in fact incorrect), does anyone have any more
>> information on which value is more correct, and why one is preferable?
>>
>> In short (pseudocode):
>>
>> .if defined(WITH_POSTFIX)
>> MAIL_GID= nobody
>> .endif
>>
>> or
>>
>> .if defined(WITH_POSTFIX)
>> MAIL_GID=mailman
>> .endif
>>
>> ? Comments please?
>>
>
> Second one, GID=mailman
>
> The group nobody is not really secure (even if it is unprivileged). Mostly
> the nobody group is chosen for daemons which do not write data at all.
>
> Normally you try to protect the alias databases, which is not given if
> nobody has write access to them.
>
>
> From mailman-2.1.14/doc/mailman-install/postfix-integration.html
>
>> When you configure Mailman, use the --with-mail-gid=mailman switch; this
>> will be the default if you configured Mailman after adding the mailman
>> owner. Because the owner of the aliases.db file is mailman, Postfix will
>> execute Mailman's wrapper program as uid and gid mailman.
>
>
> From mailman-2.1.14/doc/mailman-install/postfix-virtual.html
>
>> As above with the data/aliases* files, you want to make sure that both
>> data/virtual-mailman and data/virtual-mailman.db are user and group owned
>> by mailman.
>
>
> Other Sources:
> http://www.seaglass.com/postfix/mailman-gid.html
> http://lists.freebsd.org/pipermail/freebsd-ports/2007-April/040289.html
>
>
> I think it is a good idea to revert the GID as soon as possible back to
> mailman and additionally instruct postfix users to make sure the group
> of the alias / virtual-alias databases are set to mailman.

Thank you. A patch to reverse the group change and fix the REINPLACE is in
my Tinderbox -- it should be ready by tomorrow.

Chris
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
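
Added example, not part of the thread or of the mailman port: a shell check for the ownership the thread and the quoted Mailman documentation call for on the data/aliases* and data/virtual-mailman* files. The function names, the directory argument and the default user/group are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit Mailman's Postfix map files for the ownership the
# thread settles on (user and group mailman) and for world write access.
# The directory argument and the default names are assumptions.

# violates FILE FIND-TEST...  -> true if FILE matches the given find(1) test.
# A find error (e.g. the expected user or group does not exist) also counts.
violates() {
    v_file=$1; shift
    v_out=$(find "$v_file" -prune "$@" -print 2>/dev/null) || return 0
    [ -n "$v_out" ]
}

# check_mailman_maps DIR [USER] [GROUP]
# Returns 0 if every map present is clean, 1 on any finding, 2 if none exist.
check_mailman_maps() {
    dir=$1; user=${2:-mailman}; group=${3:-mailman}
    status=0; seen=0
    for name in aliases aliases.db virtual-mailman virtual-mailman.db; do
        f=$dir/$name
        [ -e "$f" ] || continue          # virtual maps are optional
        seen=$((seen + 1))
        if violates "$f" ! -user "$user"; then
            echo "WRONG-OWNER: $f (expected $user)"; status=1
        fi
        if violates "$f" ! -group "$group"; then
            echo "WRONG-GROUP: $f (expected $group)"; status=1
        fi
        # A world-writable map lets any local account rewrite the aliases.
        if violates "$f" -perm -0002; then
            echo "WORLD-WRITABLE: $f"; status=1
        fi
    done
    [ "$seen" -gt 0 ] || { echo "NO-MAPS: nothing to check in $dir"; return 2; }
    return "$status"
}

# Run directly as: sh check.sh /path/to/mailman/data
if [ "$#" -gt 0 ]; then
    check_mailman_maps "$@"
fi
```

A map left with group nobody after the MAIL_GID change shows up as WRONG-GROUP, which is the condition the revert is meant to remove.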