Re: [Mailman-Users] mailman on freeBSD 8.2: getgrgid error [solved]
On 03/08/2011 Mark wrote Rekhesh Mohan wrote: Now here is something that spoiled my sleep: I wrote a small test program to call getgrgid(), and it prints getgrgid()-gr_name = www. When I added a print statement inside common.c, I get getgrgid()-gr_name = null (it goes to http error log, since http headers are not defined at this stage of the code). What are the permissions on /etc/group? Is it world readable? Hi people, Issue is solved, after some help from freebsd-hackers list. /etc had 750 permissions. I was too busy looking into /etc and forgot to look above the directory (or probably I'm growing too old for this kind of stuff) :) Thanks again, everyone..! --R -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] mailman on freeBSD 8.2: getgrgid error
On Wednesday, August 03, 2011 02:06:50 AM Mark Sapiro wrote: Rekhesh Mohan wrote: Now here is something that spoiled my sleep: I wrote a small test program to call getgrgid(), and it prints getgrgid()-gr_name = www. When I added a print statement inside common.c, I get getgrgid()-gr_name = null (it goes to http error log, since http headers are not defined at this stage of the code). What are the permissions on /etc/group? Is it world readable? Yes. They are world readable. By the way, I'm making some progress here :) I can now confirm that issue is with system/OS security and not with mailman. getgrgid()-gr_name returns meaningful value only if a member of wheel group calls it. I added my apache-user www to wheel group (his primary group is still www) and mailman is happy - web interface is working. I am not sure about the security implications of apache user being a member of wheel group. Need to check if this is the default behaviour of freeBSD 8.2. I am searching for a machine where I can try a fresh and clean install of freeBSD + mailman. Please let me know If anyone here has a mailman working on freeBSD 8.2 --R -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] mailman on freeBSD 8.2: getgrgid error
Hello Rekhesh Mohan On 08/03/2011 08:23 AM, Rekhesh Mohan wrote: I can now confirm that issue is with system/OS security and not with mailman. getgrgid()-gr_name returns meaningful value only if a member of wheel group calls it. I added my apache-user www to wheel group (his primary group is still www) and mailman is happy - web interface is working. I am not sure about the security implications of apache user being a member of wheel group. The wheel group is the group for all admins not named root! You never should give the apache user admin privileges. If someone breaks into your apache she can overtake your whole machine at once. I don't know freeBSD. Does it use something like SELinux? Kind regards, Christian Mack -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] mailman on freeBSD 8.2: getgrgid error
On Wednesday, August 03, 2011 01:52:23 PM Mailman Admin wrote: Hello Rekhesh Mohan On 08/03/2011 08:23 AM, Rekhesh Mohan wrote: I can now confirm that issue is with system/OS security and not with mailman. getgrgid()-gr_name returns meaningful value only if a member of wheel group calls it. I added my apache-user www to wheel group (his primary group is still www) and mailman is happy - web interface is working. I am not sure about the security implications of apache user being a member of wheel group. The wheel group is the group for all admins not named root! You never should give the apache user admin privileges. If someone breaks into your apache she can overtake your whole machine at once. I don't know freeBSD. Does it use something like SELinux? Hi Christian, Sure :) I have already pulled out the www from wheel. That was one of the many things I have been trying out to understand the issue. I am new to freeBSD - There is nothing like selinux.. but it has some kernel security level setting, which is disabled on my system. Thanks! --R -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] mailman on freeBSD 8.2: getgrgid error
On 01/08/2011 Mark wrote Rekhesh Mohan wrote: AFAIK, src/common.c is checking the GID with getgid() followed by getgrgid(). Now, my machine uses blowfish instead of md5 for passwd. getgid() is returning 80 - which is fine since i have gid(www) = 80 on my system. However, getgrgid(gid) returns null :-| I gave up my fight at that point and decided to ask for help :) This appears to be a C library/OS issue that has nothing to do with Mailman. getgrgid(gid) should return a struct group for the group whose ID is gid. This structure should contain the information which is a representation of the fields in the /etc/groups record for that gid. If gid is valid, the return from getgrgid(gid) should not be null. You are probably right. It may be an issue in C library/OS. I will try and discuss this in freeBSD lists. I tried to figure out the behaviour of these functions with a small test code: getgrgid() returns gr_passwd = * for blowfish, and gr_passwd = x for md5. Is that an issue with mailman or am I making mistakes somewhere else in the installation? Mailman only cares about getgrgid()-gr_name. Now here is something that spoiled my sleep: I wrote a small test program to call getgrgid(), and it prints getgrgid()-gr_name = www. When I added a print statement inside common.c, I get getgrgid()-gr_name = null (it goes to http error log, since http headers are not defined at this stage of the code). Anyways, thanks again for your help.. --R -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] mailman on freeBSD 8.2: getgrgid error
Rekhesh Mohan wrote: Now here is something that spoiled my sleep: I wrote a small test program to call getgrgid(), and it prints getgrgid()-gr_name = www. When I added a print statement inside common.c, I get getgrgid()-gr_name = null (it goes to http error log, since http headers are not defined at this stage of the code). What are the permissions on /etc/group? Is it world readable? -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] mailman on freeBSD 8.2: getgrgid error
Hi folks, I've been fiddling with mailman 2.1.14 (from freebsd ports) on free BSD 8.2. Everything seems to be fine so far except for the web based stuff. I get the following error when I try to access the page: http://this.great.site/mailman/listinfo ---error Mailman CGI error!!! The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: Failure to find group name for GID 80. Mailman expected the CGI wrapper to be executed as group www, but the system's web server executed the wrapper as GID 80 for which the name could not be found. Try adding GID 80 to your system as www, or tweak your web server to run the wrapper as group www. ---/error- This system has a www user and gid is 80 (group = www). In the first attempt, I let freebsd choose its own configure-arguments and later I tried it myself. Error remained the same. AFAIK, src/common.c is checking the GID with getgid() followed by getgrgid(). Now, my machine uses blowfish instead of md5 for passwd. getgid() is returning 80 - which is fine since i have gid(www) = 80 on my system. However, getgrgid(gid) returns null :-| I gave up my fight at that point and decided to ask for help :) I tried to figure out the behaviour of these functions with a small test code: getgrgid() returns gr_passwd = * for blowfish, and gr_passwd = x for md5. Is that an issue with mailman or am I making mistakes somewhere else in the installation? My apache config is given below (I followed the steps in installation doc.) Thanks in advance..! -apache-config4mailman ScriptAlias /mailman/ /usr/local/mailman/cgi-bin/ Alias /pipermail/ /usr/local/mailman/archives/public/ Directory /usr/local/mailman Options FollowSymLinks ExecCGI AllowOverride None Order allow,deny Allow from all /Directory RedirectMatch ^/mailman[/]*$ http://this.great.site/mailman/listinfo/ -/apache-config4mailman -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] mailman on freeBSD 8.2: getgrgid error
On 01/08/2011 Odhiambo Washington wrote What is the output of this command on your system: grep www /etc/group Here is the output: [root@foo ~]# grep www /etc/group www:*:80:www [root@foo ~]# Thanks! --R On Sun, Jul 31, 2011 at 23:27, Rekhesh Mohan r...@iiap.res.in wrote: Hi folks, I've been fiddling with mailman 2.1.14 (from freebsd ports) on free BSD 8.2. Everything seems to be fine so far except for the web based stuff. I get the following error when I try to access the page: http://this.great.site/mailman/listinfo ---error Mailman CGI error!!! The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: Failure to find group name for GID 80. Mailman expected the CGI wrapper to be executed as group www, but the system's web server executed the wrapper as GID 80 for which the name could not be found. Try adding GID 80 to your system as www, or tweak your web server to run the wrapper as group www. ---/error- This system has a www user and gid is 80 (group = www). In the first attempt, I let freebsd choose its own configure-arguments and later I tried it myself. Error remained the same. AFAIK, src/common.c is checking the GID with getgid() followed by getgrgid(). Now, my machine uses blowfish instead of md5 for passwd. getgid() is returning 80 - which is fine since i have gid(www) = 80 on my system. However, getgrgid(gid) returns null :-| I gave up my fight at that point and decided to ask for help :) I tried to figure out the behaviour of these functions with a small test code: getgrgid() returns gr_passwd = * for blowfish, and gr_passwd = x for md5. Is that an issue with mailman or am I making mistakes somewhere else in the installation? My apache config is given below (I followed the steps in installation doc.) Thanks in advance..! -apache-config4mailman ScriptAlias /mailman/ /usr/local/mailman/cgi-bin/ Alias /pipermail/ /usr/local/mailman/archives/public/ Directory /usr/local/mailman Options FollowSymLinks ExecCGI AllowOverride None Order allow,deny Allow from all /Directory RedirectMatch ^/mailman[/]*$ http://this.great.site/mailman/listinfo/ -/apache-config4mailman -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/odhiambo%40gma il.com -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] mailman on freeBSD 8.2: getgrgid error
Rekhesh Mohan wrote: AFAIK, src/common.c is checking the GID with getgid() followed by getgrgid(). Now, my machine uses blowfish instead of md5 for passwd. getgid() is returning 80 - which is fine since i have gid(www) = 80 on my system. However, getgrgid(gid) returns null :-| I gave up my fight at that point and decided to ask for help :) This appears to be a C library/OS issue that has nothing to do with Mailman. getgrgid(gid) should return a struct group for the group whose ID is gid. This structure should contain the information which is a representation of the fields in the /etc/groups record for that gid. If gid is valid, the return from getgrgid(gid) should not be null. I tried to figure out the behaviour of these functions with a small test code: getgrgid() returns gr_passwd = * for blowfish, and gr_passwd = x for md5. Is that an issue with mailman or am I making mistakes somewhere else in the installation? Mailman only cares about getgrgid()-gr_name. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org