Re: pkg/44068: Mailman's build process uses uid/gid of 'daemon' instead of 'mailman' and breaks package

To: <gnats-bugs%NetBSD.org@localhost>
Subject: Re: pkg/44068: Mailman's build process uses uid/gid of 'daemon' instead of 'mailman' and breaks package
From: "Filip Hajny" <filip%joyent.com@localhost>
Date: Sat, 13 Nov 2010 10:58:51 +0100

On 13.11.2010, at 2:20, OBATA Akio wrote:

> On Sat, 13 Nov 2010 02:55:02 +0900, <andras%freeshell.de@localhost> wrote:
> 
>> When I added
>> MAILMAN_GROUP=mailman
>> MAILMAN_MAILGROUP=mailman
>> to /etc/mk.conf configuring worked like expected.
> 
> I'm confused.
> First, you said "MAILMAN_USER and MAILMAN_GROUP should be 'mailman', but 
> 'daemon'",
> Curently "MAILMAN_GROUP and MAILMAN_MAILGROUP should be 'mailman', but...".
> I feel you just want to change MAILMAN_MAILGROUP to adjust your environment.
> 
>> There have been discussions in the past about setting the variables manually.
>> Anyhow: a user without (detailed) knowledge of the build process is likely to
>> have a broken installation of mailman without manual setting of MAILMAN_GROUP
>> and MAILMAN_MAILGROUP in /etc/mk.conf.
>> Shouldn't those variables be accessible from the option framework? Just a
>> suggestion...
> 
> If so, MAILMAN_MAILGROUP must be defined automatically from user's choice.
> Do you know how to determine it automatically? by selection of MTA? using OS? 
> or something else?
> i.e. you want to change MAILMAN_MAILGOUP to "mailman", where it came from?
> 

I think this article sums it up:

http://www.seaglass.com/postfix/mailman-gid.html

In other words, with Postfix you either compile with MAILMAN_MAILGROUP=nobody 
and then make sure the alias files are owned as root (so that Postfix falls 
back to 'nobody' when executing the Mailman commands), or you compile with an 
arbitrary GID (like 'mailman') and then keep the alias files owned that way. 

I haven't tested what happens if you compile with 'mailman' and then try to 
deploy on a system where the actual GID of 'mailman' is different from the 
building system. My only world is that of Solaris, so 'nobody' is pretty 
consistent there, and that's what I went with. No issues. Therefore the 
instruction in mail/mailman/Makefile to use 'nobody' with Postfix is still a 
good one IMO.

I think it needs to be cleared up that the zest of this PR has nothing to do 
with what user/group Mailman runs as (MAILMAN_USER, MAILMAN_GROUP), but what 
group Mailman expects its binaries executed under by the MTA (i.e. 
MAILMAN_MAILGROUP). And this option is largely dependent on the particular 
MTA-Mailman scenario.

-F

Follow-Ups:
- Re: pkg/44068: Mailman's build process uses uid/gid of 'daemon' instead of 'mailman' and breaks package
  - From: andras

References:
- Re: pkg/44068: Mailman's build process uses uid/gid of 'daemon' instead of 'mailman' and breaks package
  - From: OBATA Akio

Prev by Date: Re: pkg/43746 (Compiler crash when building subversion-devel from pkgsrc)
Next by Date: Re: pkg/44068: Mailman's build process uses uid/gid of 'daemon' instead of 'mailman' and breaks package
Previous by Thread: Re: pkg/44068: Mailman's build process uses uid/gid of 'daemon' instead of 'mailman' and breaks package
Next by Thread: Re: pkg/44068: Mailman's build process uses uid/gid of 'daemon' instead of 'mailman' and breaks package
Indexes:

Home | Main Index | Thread Index | Old Index