[Mailman-Developers] Bug #596565, mailman should use alphabetic U/GIDs

[Barry A. Warsaw]

I think bug #596565 makes a good point.  We've always known that the
hardcoded numeric ids are a PITA and a major source of FAQ-ups for
newbies.  I've resisted (and continue to resist ;) making these
totally run-time configurable for two reasons:

- vague, unsubstantiated fears about security holes
- avoiding like the plague any config file parsing in C

Todd makes an interesting point: by using symbolic names for the
groups and users, we can give a level of indirection that may make it
easier for binary packages, admins moving Mailman to different
systems, and other similar situations.

The original patch attached to this bug was too incomplete to use, but
I was running some long background tests today and had some time to
hack.  So I've uploaded a patch that I think does the trick.  Some
highlights:

--with-mail-gid and --with-cgi-gid are retained, even though they
should be used to specify group names instead of group ids.  I don't
think it's worth changing these (see my patch comments for details).

--without-permcheck has been extended to mean that any verification of
the mail and cgi group names is skipped.  This means you can build
mailman on a system without the groups installed and it'll compile
just fine.  It won't run of course, unless the system has those group
names installed.

I've completely rewritten the error messages that get printed when
there are group mismatches.  I really hope that now, even if it's more
rare, when the mismatches happen, it'll be more obvious how to fix the
problems.

I've done quite a bit of testing of various combinations of switches
and I think it's doing the right thing.  But it's still possible I
screwed up, so I'd appreciate it if someone else could apply the patch
(against today's cvs) and give it a try.

Does this patch help make building, distributing, and moving Mailman
easier for folks?  Are there any bugs where a gid is still assumed
instead of a group name?

Cheers,
-Barry