[Pkg-mailman-hackers] Bug#896997: Bug#896997: Bug#896997: mailman3 - Incorrect permissions for postfix lookup table files on postfix restart

Thu Apr 26 20:48:24 BST 2018

Le jeudi 26 avril 2018 à 21:32:05+0200, Pierre-Elliott Bécue a écrit :
> Le vendredi 27 avril 2018 à 00:20:38+0530, Balasankar C a écrit :
> > Package: mailman3
> > Version: 3.1.1-9~bpo9+1
> > Severity: important
> > 
> > After installing and configuring mailman3-full, I was unable to create
> > mailing lists using the UI. The logs had the following content
> > 
> > ```
> > Apr 26 17:54:46 2018 (9642) command failure: /usr/sbin/postmap
> > /var/lib/mailman3/data/postfix_lmtp, 1, Operation not permitted
> > Apr 26 17:54:47 2018 (9642) command failure: /usr/sbin/postmap
> > /var/lib/mailman3/data/postfix_domains, 1, Operation not permitted
> > ```
> > 
> > Upon checking, I saw that the files
> > `/var/lib/mailman3/data/postfix_lmtp.db` and
> > `/var/lib/mailman3/data/postfix_domains.db` were owned by `root:root`
> > and others didn't have read/write permission on them. Doing a chmod o+rw
> > on those two files solved the issue.
> > 
> > ---
> > 
> > The exact steps I followed are
> > 
> > 0.  Get a droplet in DigitalOcean with Debian 9.4 image
> > 1.  Enable backports repo and run apt-get update
> > 2.  Set hostname
> > 3.  apt-get install postfix (as smarthost)
> > 4.  apt-get install nginx-full
> > 5.  apt-get -t stretch-backports install mailman3-full (answered the
> > questions positively)
> > 6.  dpkg-reconfigure mailman3-web - For creating database and admin user.
> > 7.  edit /etc/nginx/sites-enabled/mailman3 and change server_name
> > 8.  service nginx reload
> > 9.  Updated /etc/postfix/main.cf as mentioned in
> > /usr/share/doc/mailman3/README.Debian
> > 10. service postfix restart for it to take effect
> > 
> > After this, while trying to login, I got a 500 error page. Logs of
> > mailman3-web had the following
> > 
> > ```
> > SMTPRecipientsRefused: {u'<my admin email id>': (451, '4.3.0 <my admin
> > email id>: Temporary lookup failure')}
> > ```
> > 
> > So I ran the following to fix them.
> > 
> > 11. newaliases
> > 12. mailman aliases
> 
> I guess you were running this command as root, hence the db files owned by
> root, hence the need to chmod o+rw.
> 
> mailman aliases should be run as "list".
> 
> Anyway, we have to avoid the first issue to come so that no one follows the
> second path.
> 
> I'll design a fix.
> 
> > 13. service mailman3 restart
> > 14. service postfix restart
> > 15. service mailman3-web restart
> > 
> > After this, I was able to login.
> > 
> > 16. Go to domain and login as admin. Verification mail will be sent - go
> > check that. (You may want to use the non-HTTPS version of confirmation
> > URL if you haven't set it)
> > 
> > Note: Without doing the following, I wasn't able to create mailing lists
> > 16. chmod o+wr /var/lib/mailman3/data/postfix_domains.db
> > 17. chmod o+wr /var/lib/mailman3/data/postfix_lmtp.db
> > 
> > All was well after this.
> > 
> > I doubt if restarts were actually necessary in step 14 and if a reload
> > would've been enough. On our discussion in IRC channel #debian-mailman,
> > Pierre-Elliott Bécue (peb) assumes this caused the permissions to be borked.
> > 
> > PS: Please rename the issue title as you see fit.
> 
> No need.

After looking a little more, this looks like an upstream bug.

I'll file upstream.

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-mailman-hackers/attachments/20180426/a17411ce/attachment-0001.sig>