[Pkg-mailman-hackers] Bug#653766: mailman: Unable to rotate logs after logrotate 3.8.0.

David Anselmi anselmi at anselmi.us
Fri Dec 30 19:47:11 UTC 2011


Package: mailman
Version: 1:2.1.14-3
Severity: normal

Dear Maintainer,

Upgrading logrotate to 3.8.0 or later causes the mailman logrotate config to
fail because /var/log/mailman is writable by the list group.  The error is:

  error: skipping "/var/log/mailman/vette" because parent directory has insecure
  permissions (It's world writable or writable by group which is not "root") Set
  "su" directive in config file to tell logrotate which user/group should be
   used for rotation.

Adding "su list list" to /etc/logrotate.d/mailman (see below) results in this
error:

  Traceback (most recent call last):
    File "/usr/lib/mailman/bin/mailmanctl", line 555, in <module>
      main()
    File "/usr/lib/mailman/bin/mailmanctl", line 341, in main
      check_privs()
    File "/usr/lib/mailman/bin/mailmanctl", line 296, in check_privs
      os.setgroups(groups)
  OSError: [Errno 1] Operation not permitted

It looks like mailmanctl thinks it's running as root (check_privs uses
os.getuid) but it isn't so os.setgroups fails.

Running mailmanctl with -u, or using os.geteuid in check_privs, solves this
problem.  (Perhaps a bug should be reported against mailmanctl?)

There's still an error on creating /var/log/mailman/mischief because its group
is www-data.  I'm not sure how necessary that is or the implications of adding
the list user to the www-data group.

Thanks!
Dave

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.1.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages mailman depends on:
ii  apache2                     2.2.21-3
ii  apache2-mpm-worker [httpd]  2.2.21-3
ii  cron                        3.0pl1-120
ii  debconf [debconf-2.0]       1.5.41
ii  libc6                       2.13-23
ii  logrotate                   3.8.1-1
ii  lsb-base                    3.2-28
ii  pwgen                       2.06-1+b1
ii  python                      2.7.2-9
ii  ucf                         3.0025+nmu2

Versions of packages mailman recommends:
ii  exim4                                      4.77-1
ii  exim4-daemon-light [mail-transport-agent]  4.77-1+b1

Versions of packages mailman suggests:
pn  listadmin     <none>
pn  lynx          <none>
pn  spamassassin  <none>

-- Configuration Files:
/etc/logrotate.d/mailman changed:
/var/log/mailman/vette /var/log/mailman/error /var/log/mailman/bounce {
	su list list
	weekly
	missingok
	create 0664 list list
	rotate 4
	compress
	delaycompress
        sharedscripts
        postrotate
            [ -f '/var/run/mailman/mailman.pid' ] && /usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
        endscript
}
/var/log/mailman/mischief {
	su list list
	monthly
	missingok
	create 0664 list www-data
	rotate 4
	compress
	delaycompress
	sharedscripts
	postrotate
	    [ -f '/var/run/mailman/mailman.pid' ] && /usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
	endscript
}
/var/log/mailman/digest {
	su list list
	monthly
	missingok
	create 0664 list list
	rotate 4
	compress
	delaycompress
        sharedscripts
        postrotate
            [ -f '/var/run/mailman/mailman.pid' ] && /usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
        endscript
}
/var/log/mailman/subscribe /var/log/mailman/post {
	su list list
	monthly
	missingok
	create 0664 list list
	rotate 12
	compress
	delaycompress
        sharedscripts
        postrotate
            [ -f '/var/run/mailman/mailman.pid' ] && /usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
        endscript
}
/var/log/mailman/qrunner /var/log/mailman/fromusenet /var/log/mailman/locks /var/log/mailman/smtp /var/log/mailman/smtp-failure {
	su list list
	daily
	missingok
	create 0664 list list
	rotate 7
	compress
	delaycompress
        sharedscripts
        postrotate
            [ -f '/var/run/mailman/mailman.pid' ] && /usr/lib/mailman/bin/mailmanctl -u -q reopen || exit 0
        endscript
}


-- debconf information excluded





More information about the Pkg-mailman-hackers mailing list