Re: [Mailman-Users] Permissions weirdness?
At 7:56 PM -0500 2003/07/07, Ian Beyer wrote: Hrmm... I'm not quite sure why I (or anyone) would be running both mail and web servers as the same group, unless it was root. It does tend to hamstring you, yes. That's why we installed two copies of mailman, with different compiled-in groups. I thought alleviating that was the whole point of the --with-mail-gid and --with-cgi-gid flags at configure time. Could be. Doesn't seem to work for us. -- Brad Knowles, [EMAIL PROTECTED] They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++): a C++(+++)$ UMBSHI$ P+++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+() DI+() D+(++) G+() e++ h--- r---(+++)* z(+++) -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Permissions weirdness?
At 12:27 AM -0500 2003/07/07, Ian Beyer wrote: Now, if I setuid root the postfix stuff, everything is peachy, but this isn't something I'm particularly keen on doing, for obvious reasons. I compiled mailman with --with-mail-gid set to the postfix gid, but the master postfix process runs as root. Can someone tell me what I screwed up here? Do I need to rebuild with - --with-mail-gid set to 0? that doesn't sound like something I want to do. One of the things we've found with mailman is that it needs to run as the mail group for your MTA (whatever that is), and it also needs to run as the web group for your web server. If they don't run as the same group, you've got a problem. If you've got one or the other chroot'ed, this makes things even more interesting. We ended up building and installing two copies of mailman -- one with the same group as our MTA (outside of the chroot), and one that runs as the same group as our web server (inside the chroot). Pretty much totally invalidates the purpose of the chroot, but we couldn't get anything else to work. We just make sure that the paths, etc... are set so that the web-group version of mailman is what gets called by apache, and the mail-group version of mailman is what gets called by postfix. -- == Brad Knowles, [EMAIL PROTECTED] They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin, Historical Review of Pennsylvania. -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Permissions weirdness?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brad Knowles wrote: | At 12:27 AM -0500 2003/07/07, Ian Beyer wrote: | | Now, if I setuid root the postfix stuff, everything is peachy, but this | isn't something I'm particularly keen on doing, for obvious reasons. | | I compiled mailman with --with-mail-gid set to the postfix gid, but the | master postfix process runs as root. | | Can someone tell me what I screwed up here? Do I need to rebuild with | - --with-mail-gid set to 0? that doesn't sound like something I want | to do. | | | One of the things we've found with mailman is that it needs to run | as the mail group for your MTA (whatever that is), and it also needs | to run as the web group for your web server. If they don't run as the | same group, you've got a problem. If you've got one or the other | chroot'ed, this makes things even more interesting. Hrmm... I'm not quite sure why I (or anyone) would be running both mail and web servers as the same group, unless it was root. I thought alleviating that was the whole point of the --with-mail-gid and --with-cgi-gid flags at configure time. - -Ian -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) iD8DBQE/ChatRGycTB/It0gRAjfQAJ4hZKGQYYyCVMBR7YG2FYqiOmPl8gCfUKyE mSMT9tsesd/yP4rZCAzEavc= =qurK -END PGP SIGNATURE- -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Permissions weirdness?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've got postfix/mailman set up on Solaris 9 (after working through the python issues that related to that), and when I try to create a list, I get this: Bug in Mailman version 2.1.2 We're sorry, we hit a bug! If you would like to help us identify the problem, please email a copy of this page to the webmaster for this site with a description of what happened. Thanks! Traceback: Traceback (most recent call last): ~ File /usr/local/mailman/scripts/driver, line 87, in run_main ~main() ~ File /usr/local/mailman/Mailman/Cgi/create.py, line 55, in main ~process_request(doc, cgidata) ~ File /usr/local/mailman/Mailman/Cgi/create.py, line 217, in process_request ~sys.modules[modname].create(mlist, cgi=1) ~ File /usr/local/mailman/Mailman/MTA/Postfix.py, line 232, in create ~_update_maps() ~ File /usr/local/mailman/Mailman/MTA/Postfix.py, line 60, in _update_maps ~raise RuntimeError, msg % (vcmd, status, errstr) RuntimeError: command failed: /usr/sbin/postmap /usr/local/mailman/data/virtual-mailman (status: 1, Not owner) Now, if I setuid root the postfix stuff, everything is peachy, but this isn't something I'm particularly keen on doing, for obvious reasons. I compiled mailman with --with-mail-gid set to the postfix gid, but the master postfix process runs as root. Can someone tell me what I screwed up here? Do I need to rebuild with - --with-mail-gid set to 0? that doesn't sound like something I want to do. Any help is muchly appreciated. - -Ian -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) iD8DBQE/CQTMRGycTB/It0gRApExAKDp4d+5XGj7bM5O2YdDwlYWiGIBIACgsfn4 4tj7fobyWgY4alSJRqNRee8= =7nAE -END PGP SIGNATURE- -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org