Package: mailman
Version: 1:2.1.14-3
Severity: normal
Dear Maintainer,
Upgrading logrotate to 3.8.0 or later causes the mailman logrotate config to
fail because /var/log/mailman is writable by the list group. The error is:
error: skipping "/var/log/mailman/vette" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set
"su" directive in config file to tell logrotate which user/group should be
used for rotation.
Adding "su list list" to /etc/logrotate.d/mailman (see below) results in this
error:
Traceback (most recent call last):
File "/usr/lib/mailman/bin/mailmanctl", line 555, in <module>
main()
File "/usr/lib/mailman/bin/mailmanctl", line 341, in main
check_privs()
File "/usr/lib/mailman/bin/mailmanctl", line 296, in check_privs
os.setgroups(groups)
OSError: [Errno 1] Operation not permitted
It looks like mailmanctl thinks it's running as root (check_privs uses
os.getuid) but it isn't so os.setgroups fails.
Running mailmanctl with -u, or using os.geteuid in check_privs, solves this
problem. (Perhaps a bug should be reported against mailmanctl?)
There's still an error on creating /var/log/mailman/mischief because its group
is www-data. I'm not sure how necessary that is or the implications of adding
the list user to the www-data group.
Thanks!
Dave
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.1.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages mailman depends on:
ii apache2 2.2.21-3
ii apache2-mpm-worker [httpd] 2.2.21-3
ii cron 3.0pl1-120
ii debconf [debconf-2.0] 1.5.41
ii libc6 2.13-23
ii logrotate 3.8.1-1
ii lsb-base 3.2-28
ii pwgen 2.06-1+b1
ii python 2.7.2-9
ii ucf 3.0025+nmu2
Versions of packages mailman recommends:
ii exim4 4.77-1
ii exim4-daemon-light [mail-transport-agent] 4.77-1+b1
Versions of packages mailman suggests:
pn listadmin <none>
pn lynx <none>
pn spamassassin <none>
-- Configuration Files:
/etc/logrotate.d/mailman changed:
/var/log/mailman/vette /var/log/mailman/error /var/log/mailman/bounce {
su list list
weekly
missingok
create 0664 list list
rotate 4
compress
delaycompress
sharedscripts
postrotate
[ -f '/var/run/mailman/mailman.pid' ] &&
/usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
endscript
}
/var/log/mailman/mischief {
su list list
monthly
missingok
create 0664 list www-data
rotate 4
compress
delaycompress
sharedscripts
postrotate
[ -f '/var/run/mailman/mailman.pid' ] &&
/usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
endscript
}
/var/log/mailman/digest {
su list list
monthly
missingok
create 0664 list list
rotate 4
compress
delaycompress
sharedscripts
postrotate
[ -f '/var/run/mailman/mailman.pid' ] &&
/usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
endscript
}
/var/log/mailman/subscribe /var/log/mailman/post {
su list list
monthly
missingok
create 0664 list list
rotate 12
compress
delaycompress
sharedscripts
postrotate
[ -f '/var/run/mailman/mailman.pid' ] &&
/usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
endscript
}
/var/log/mailman/qrunner /var/log/mailman/fromusenet /var/log/mailman/locks
/var/log/mailman/smtp /var/log/mailman/smtp-failure {
su list list
daily
missingok
create 0664 list list
rotate 7
compress
delaycompress
sharedscripts
postrotate
[ -f '/var/run/mailman/mailman.pid' ] &&
/usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
endscript
}
-- debconf information excluded
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
