-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sympa daemons to support users with multiple groups #160
Comments
informations about the way i installed and started sympa (from an up and running debian buster) $ g clone git@github.com:sympa-community/sympa tmux new /opt/sympalpha/bin/archived.pl -d |
On 01/10/2018 04:30 PM, Marc Chantreux wrote:
informations about the way i installed and started sympa (from an up and running debian buster)
$ g clone ***@***.*** ***@***.***>:sympa-community/sympa
$ id
uid=1001(mc) gid=100(users) groups=100(users),27(sudo),105(sympalpha),115(sympa)
$ sudo install -o mc -g sympalpha -d /opt/sympalpha
$ autoreconf -i
$ ./configure
--prefix=/opt/sympalpha
--with-group=sympalpha
--with-user=mc
--without-initdir
--without-smrshdir
--disable-smtpc
--disable-fhs
--disable-dependency-tracking
--with-confdir=/opt/sympalpha/etc
--with-unitsdir=/opt/sympalpha/services
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#160 (comment)>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAIxPlE4m3A-8bKkQmsEAwcLaY9DiSSDks5tJNd_gaJpZM4RZZNE>.
Hello Marc,
what was the error message on the startup of the Sympa daemons?
Regards
Racke
…--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
|
On Wed, 10 Jan 2018 07:30:07 -0800 Marc Chantreux ***@***.***> wrote:
informations about the way i installed and started sympa (from an up and running debian buster)
$ g clone ***@***.***:sympa-community/sympa
$ id
uid=1001(mc) gid=100(users) groups=100(users),27(sudo),105(sympalpha),115(sympa)
$ sudo install -o mc -g sympalpha -d /opt/sympalpha
$ autoreconf -i
$ ./configure \
--prefix=/opt/sympalpha \
--with-group=sympalpha \
--with-user=mc \
--without-initdir \
--without-smrshdir \
--disable-smtpc \
--disable-fhs \
--disable-dependency-tracking \
--with-confdir=/opt/sympalpha/etc \
--with-unitsdir=/opt/sympalpha/services
I couldn't reproduce.
(In below, Sympa was built with default user and group)
1. `sympa` user has primary group `sympa` only:
``` bash
$ id sympa
uid=106(sympa) gid=112(sympa) groups=112(sympa)
$ sudo /usr/sbin/task_manager.pl
(No error)
```
2. `sympa` user has a supplemental group:
```
$ sudo /usr/sbin/usermod -G apache sympa
$ sudo /usr/sbin/task_manager.pl
(No error)
```
3. `sympa` user has the other primary group and supplemental `sympa` group:
```
$ sudo /usr/sbin/usermod -g apache -G sympa sympa
$ sudo /usr/sbin/task_manager.pl
(No error)
```
|
Marc, please add the error message from Sympa startup to this issue. |
hello racke,
and thanks for helping
Hello Marc,
what was the error message on the startup of the Sympa daemons?
as i wanted to be clear, i started from the very begining
g clone sympa:sympa
./sympa
g co sympa-6.2
autoreconf -i
./configure \
--prefix=/opt/sympalpha \
--with-group=sympalpha \
--with-user=mc \
--without-initdir \
--without-smrshdir \
--disable-smtpc \
--disable-fhs \
--disable-dependency-tracking \
--with-confdir=/opt/sympalpha/etc \
--with-unitsdir=/opt/sympalpha/services
make
make install
/opt/sympalpha/bin/archived.pl -d
i get
notice Sympa::Process::write_pid() Previous process 19804 died suddenly; notifying listmaster
notice Sympa::Spindle::ProcessTemplate::_twist() Processing Sympa::Message::Template <sympa@actions.example.com.org.1516110595.19814,3251>; envelope_sender=sympa-request@actions.example.com.org; message_id=sympa.1516110595.19814.185@actions.example.com.org; recipients=ARRAY; sender=sympa@actions.example.com.org; template=listmaster_notification; type=crash
notice Sympa::Mailer::store() Done sending message Sympa::Message::Template <sympa@actions.example.com.org.1516110595.19814,3251> for * (priority 1) in 0 seconds since scheduled expedition date
info main:: Configuration file read, log level set using options : 2
command failed: 550 Invalid recipient
err main::#129 DIED: Failed to change process user ID and group ID. Note that on some OS Perl scripts can't change their real UID. In such circumstances Sympa should be run via sudo.
err main::#129 Child process 19817 for <sympa@actions.example.com.org.1516110595.19814,3251> exited with status 70
DIED: Failed to change process user ID and group ID. Note that on some OS Perl scripts can't change their real UID. In such circumstances Sympa should be run via sudo.
at /opt/sympalpha/bin/archived.pl line 129.
so i add this line just before the condition
die "UID = $UID, GID = $GID";
then i get
info main:: Configuration file read, log level set using options : 2
UID = 1001, GID = 100 27 100 105 115 at /opt/sympalpha/bin/archived.pl
line 128.
as ou see: GID is a string with all GIDs separated by a space.
this was made on a debian buster with a debian perl.
regards
marc
|
On Sun, Jan 14, 2018 at 07:10:09AM +0000, IKEDA Soji wrote:
I couldn't reproduce.
happy you :) maybe you should use the same env i have (debian buster).
regards,
marc
|
Marc, did you invoke the daemon with superuser (root)? If you didn’t, do:
sudo /path/to/archived.pl -d
Regards,
2018/01/16 23:09、Marc Chantreux <notifications@github.com>のメール:
… hello racke,
and thanks for helping
> Hello Marc,
> what was the error message on the startup of the Sympa daemons?
as i wanted to be clear, i started from the very begining
g clone sympa:sympa
./sympa
g co sympa-6.2
autoreconf -i
./configure \
--prefix=/opt/sympalpha \
--with-group=sympalpha \
--with-user=mc \
--without-initdir \
--without-smrshdir \
--disable-smtpc \
--disable-fhs \
--disable-dependency-tracking \
--with-confdir=/opt/sympalpha/etc \
--with-unitsdir=/opt/sympalpha/services
make
make install
/opt/sympalpha/bin/archived.pl -d
i get
notice Sympa::Process::write_pid() Previous process 19804 died suddenly; notifying listmaster
notice Sympa::Spindle::ProcessTemplate::_twist() Processing Sympa::Message::Template ***@***.***,3251>; ***@***.***; ***@***.***; recipients=ARRAY; ***@***.***; template=listmaster_notification; type=crash
notice Sympa::Mailer::store() Done sending message Sympa::Message::Template ***@***.***,3251> for * (priority 1) in 0 seconds since scheduled expedition date
info main:: Configuration file read, log level set using options : 2
command failed: 550 Invalid recipient
err main::#129 DIED: Failed to change process user ID and group ID. Note that on some OS Perl scripts can't change their real UID. In such circumstances Sympa should be run via sudo.
err main::#129 Child process 19817 for ***@***.***,3251> exited with status 70
DIED: Failed to change process user ID and group ID. Note that on some OS Perl scripts can't change their real UID. In such circumstances Sympa should be run via sudo.
at /opt/sympalpha/bin/archived.pl line 129.
so i add this line just before the condition
die "UID = $UID, GID = $GID";
then i get
info main:: Configuration file read, log level set using options : 2
UID = 1001, GID = 100 27 100 105 115 at /opt/sympalpha/bin/archived.pl
line 128.
as ou see: GID is a string with all GIDs separated by a space.
this was made on a debian buster with a debian perl.
regards
marc
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Marc, could you please tell us how did you invoke the daemon?
|
Daemons of current version of Sympa can be invoked in either of following two manners.
In conclusion, I think reported behavior was caused by the usage that was not expected by the design: Invokation by the user whose privilege was not restricted enough. I think this issue would be better to be closed with |
hello Soji and thanks for your replies, i missed them so i didn't answer. this is correct: i can run sympa as root and it worked as expected. this bug should be closed. |
@eiro, Please feel free to close. I have no objection. |
the problem and the questions related to it was posted on the list (https://listes.renater.fr/sympa/arc/sympa-developpers/2018-01/msg00008.html)
this patch isn't complete does only fix the problem for only one daemon but at least it point it out and provides a way to fix it.
0001-when-the-sympa-user-is-member-of-more-than-one-group.patch.txt
The text was updated successfully, but these errors were encountered: