mailman error 2 Failure to exec script. WANTED gid 67, GOT gid 65533 (mailman 2)

After an upgrade of the OS to Leap 15.4 my mailman (using mailman 2) stopped working. Any time a list receive a message it is rejected by postfix, the error is like this


status=bounced (Command died with status 2: "/usr/lib/mailman/mail/mailman post micros". Command output: Failure to exec script. WANTED gid 67, GOT gid 65533. )

gid 67 is mailman
gid 65533 is nobody

So it seems the problem is that the script mailman post is run by nobody instead of by mailman

So I check

**tutatis:/etc/mailman #** cat mailman.cgi-gid 
8 

**tutatis:/etc/mailman #** cat mailman.mail-gid 
67

It is OK, and

**tutatis:#** ps -ef |grep mailman 
**mailman**   87112      1  0 09:03 ?        00:00:00 /usr/bin/python /usr/lib/**mailman**/bin/**mailman**ctl --quiet --stale-lock-cleanup start 
**mailman**   87113  87112  0 09:03 ?        00:00:06 /usr/bin/python /usr/lib/**mailman**/bin/qrunner --runner=ArchRunner:0:1 -s 
**mailman**   87114  87112  0 09:03 ?        00:00:06 /usr/bin/python /usr/lib/**mailman**/bin/qrunner --runner=BounceRunner:0:1 -s 
**mailman**   87115  87112  0 09:03 ?        00:00:06 /usr/bin/python /usr/lib/**mailman**/bin/qrunner --runner=CommandRunner:0:1 -s 
**mailman**   87117  87112  0 09:03 ?        00:00:06 /usr/bin/python /usr/lib/**mailman**/bin/qrunner --runner=IncomingRunner:0:1 -s 
**mailman**   87122  87112  0 09:03 ?        00:00:06 /usr/bin/python /usr/lib/**mailman**/bin/qrunner --runner=NewsRunner:0:1 -s 
**mailman**   87123  87112  0 09:03 ?        00:00:09 /usr/bin/python /usr/lib/**mailman**/bin/qrunner --runner=OutgoingRunner:0:1 -s 
**mailman**   87124  87112  0 09:03 ?        00:00:06 /usr/bin/python /usr/lib/**mailman**/bin/qrunner --runner=VirginRunner:0:1 -s 
**mailman**   87125  87112  0 09:03 ?        00:00:00 /usr/bin/python /usr/lib/**mailman**/bin/qrunner --runner=RetryRunner:0:1 -s 
root     118337 117996  0 19:13 pts/1    00:00:00 grep --color=auto **mailman** 

It is OK too

I have also checked perms and seem to be OK

 **tutatis:/usr/lib/mailman/bin #** ./check_perms 
No problems found
 

So, I don’t know where the problem comes from.

I have seen this

**tutatis:/usr/lib/mailman/bin #** ./mailman-config --help 
Configuration and build information for Mailman 

Mailman version: 2.1.35 
Build Date:      Wed Oct 20 00:21:49 UTC 2021 

prefix:          /usr/lib/mailman 
var_prefix:      /var/lib/mailman 
mailman_user:     
mailman_group:    
mail_group:      www 
cgi_group:       wwwrun 

configure_opts: "--host=x86_64-suse-linux-gnu --build=x86_64-suse-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --b
indir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/lib --localstatedir=/v
ar --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --prefix=/usr/lib/mailman --exec-prefix=/usr/lib/ma
ilman --localstatedir=/var/run --libexecdir=/usr/lib/mailman --with-groupname=mailman --with-username=mailman --with-var-prefix=/var/lib/mailman --without-permc
heck --with-cgi-gid=wwwrun --with-mail-gid=www"  

and I see this “mail_group: www” could be a problem, because in opensuse leap group www does not exist, but this mailman_config just seems to print this I don’t think it does any other thing

**tutatis:/usr/lib/mailman/bin #** cat mailman-config 
#! /usr/bin/python 
# 
# Copyright (C) 2018 by the Free Software Foundation, Inc. 
# 
# This program is free software; you can redistribute it and/or 
# modify it under the terms of the GNU General Public License 
# as published by the Free Software Foundation; either version 2 
# of the License, or (at your option) any later version. 
# 
# This program is distributed in the hope that it will be useful, 
# but WITHOUT ANY WARRANTY; without even the implied warranty of 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
# GNU General Public License for more details. 
# 
# You should have received a copy of the GNU General Public License 
# along with this program; if not, write to the Free Software 
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 
# 02110-1301, USA. 
# 
# Send bug reports or suggestions to Lindsay Haisley <fmouse@fmp.com> 

"""Show basic statistics about, and build options for this 
installation of Mailman. Requires python 2.""" 

print """Configuration and build information for Mailman
""" 

print 'Mailman version: %s' % '2.1.35' 
print 'Build Date:      %s' % 'Wed Oct 20 00:21:49 UTC 2021' 
print '' 
print 'prefix:          %s' % '/usr/lib/mailman' 
print 'var_prefix:      %s' % '/var/lib/mailman' 
print 'mailman_user:    %s' % '' 
print 'mailman_group:   %s' % '' 
print 'mail_group:      %s' % 'www' 
print 'cgi_group:       %s' % 'wwwrun' 
print '' 


print 'configure_opts: "%s"' % '--host=x86_64-suse-linux-gnu --build=x86_64-suse-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bin
dir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/lib --localstatedir=/var --sharedstatedir
=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --prefix=/usr/lib/mailman --exec-prefix=/usr/lib/mailman --localstatedir=/var/run --lib
execdir=/usr/lib/mailman --with-groupname=mailman --with-username=mailman --with-var-prefix=/var/lib/mailman --without-permcheck --with-cgi-gid=wwwrun --with-mail-gid=www' 

**tutatis:/usr/lib/mailman/bin #**

AFAIK mailman requires apache2 which uses user wwwrun and group www on Opensuse.

Did you check if apache is installed/configured?
On my tumbleweed system I have in logins (filter system user)


Login              Name                             UID           Groups
wwwrun         WWW Daemon Apache    499           www

and in groups


Group Name         Group ID      Group Members  
www                     499               wwwrun, myuserlogin

Regards
Philippe

yes, you are right, group www exist, what do not exist is user www

**www**:x:8:**www**run

Apache is working fine

If I change
/etc/mailman/mailman.mail-gid
value to 65533 (nobody) then mailman works… but I don’t think this should be the correct configuration

Hello,

See https://www.seaglass.com/postfix/PostfixMailmanGID.html
It describes the same error message “WANTED gid 12 GOT gid 99?”

Regards
Philippe

yes, it is more or less the same error

I have both user and group for mailman

 **tutatis:/usr/lib/mailman/bin #** cat /etc/passwd |grep mailman 
**mailman**:x:72:67:GNU mailing list manager:/var/lib/**mailman**:/bin/bash

 
  **tutatis:/usr/lib/mailman/bin #** cat /etc/group |grep mailman       
**mailman**:!:67:
 
  

And as mailman is installed as a package I can’t reconfigure it as it is said, so the solution it propose is

If you did not build your own Mailman package and therefore cannot control the GID that it expects, you will have to accommodate Mailman by getting Postfix to use the GID Mailman expects. Generate an error message like the one above by first creating a list (see the steps in this chapter) and then sending a message to it. You should receive a bounce error email message (or you can check for the error in the Mailman log). Note the GID Mailman reports that it wants (WANTED gid 12). Change the primary group of the mailman account to that group. Make sure that the Mailman alias file is owned by the mailman account.

It will be to change mailman group to 65533 (nobody) … well is similar to what I have done changing /etc/mailman/mailman.mail-gidvalue to 65533 … and it works … I don’t like it though, but it seems there is no other way to say to postfix to deliver the message to mailman using the correct gid (which should be mailman gid)