group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1696066] Re: Postfix module - Mailman wrapper - Couldn't write data/aliases.db and data/virtual-mailman.db files

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From:  Christian Ehrhardt  <1696066@xxxxxxxxxxxxxxxxxx>
Date: Fri, 15 Jun 2018 09:10:52 -0000
Reply-to: Bug 1696066 <1696066@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Bionic and Cosmic have 1:2.1.26-1 so #1 and #2 are done.

Given that Mark identified this as:
a) uncommon issue
b) not affecting the usual way the packaging encourages
this isn't a high prio issue, so I'm not sure if it is worth the effort and regression risk to backport it to former releases.

** Changed in: mailman (Ubuntu)
       Status: Triaged => Fix Released

** Changed in: mailman (Debian)
       Status: New => Fix Released

** Changed in: mailman (Ubuntu Xenial)
       Status: New => Won't Fix

** Changed in: mailman (Ubuntu Artful)
       Status: New => Won't Fix

** Changed in: mailman (Ubuntu Zesty)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1696066

Title:
  Postfix module - Mailman wrapper - Couldn't write data/aliases.db and
  data/virtual-mailman.db files

Status in GNU Mailman:
  Fix Released
Status in mailman package in Ubuntu:
  Fix Released
Status in mailman source package in Xenial:
  Won't Fix
Status in mailman source package in Zesty:
  Won't Fix
Status in mailman source package in Artful:
  Won't Fix
Status in mailman package in Debian:
  Fix Released

Bug description:
  Dear project leader

  At least in version 2.1.23, there is a bug regarding permissions set
  for Mailman data/aliases table and Mailman data/virtual-mailman map
  when these files are created from scratch.

  Here I describe the current behavior for the Mailman data/aliases
  table only but the problem is identical for the Mailman data/virtual-
  mailman map.

  In order, the following conditions have to be met:

  - Postfix need read access to the aliases.db file
  - Mailman like to be owner of those files and the Mailman group needs write access to them

  I. Postfix needs a read access to the aliases.db file

  We can either set permissions as 0660 and add postfix user to mailman
  group (what I've done), or set the permissions as 0664

  II. Mailman group needs a write access to those files at any time

  The following behavior has been observed:

  When creating a new list on command line, using bin/newlist script as
  follow:

      # newlist -u virtualhost foobar

  the files will be created as follow:

  -rw-rw---- 1 root list aliases
  -rw-r----- 1 root list aliases.db

  The same thing has been observed when recreating the file from scratch
  using bin/genaliases:

  -rw-rw---- 1 root list aliases
  -rw-r----- 1 root list aliases.db

  Note that in both cases, files were not present. Thus, they were
  created from scratch.

  As you can see here, the Mailman data/aliases file is created with the
  expected group and permissions but the data/aliases.db file is only
  writable by owner. From the POSTALIAS(1) command point of view, that
  is the expected behavior: The file is created with the same group and
  other read permissions as their source file.

  The problem here is that with those permissions, creating a list
  through Mailman interface later on will result in a permissions denied
  error because the Mailman group, through the wrapper, cannot write
  (update) the aliases.db file (no write permissions).

  That is really a problem. Of course, one can just pre-create the files
  as follow:

  # cd /var/lib/mailman
  # sg list -c "touch data/aliases && postalias data/aliases"
  # chmod 0660 data/aliases*

  but that seem tedious. What if at some point (for any reason), the
  files get recreated from scratch?

  So, from my point of view, the MTA/Postfix.py module should always set
  correct permissions on *.db file,  to be sure that Mailman group has
  write permissions, at least when the files are created from scratch.
  Eg:

  IF NOT EXISTS aliases:
     Touch data/aliases data/aliases.db with correct permissions (066x)
     Add alias entries into aliases as usually
     Run POSTALIAS(1) command as usually

  Then, we are fine.

  Thank you.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1696066/+subscriptions