[Mailman-Users] Problems with Mailman

Richard Barrett R.Barrett at ftel.co.uk
Thu Jan 10 11:26:29 CET 2002 

I think this should be re-titled 'Mailman problem under 'secure' Linux kernels.

I have seen this problem reported recently on this list by another user.

While I do not run any 'secure' version of linux kernel, I think the 
problem results from restrictions on the creation of hard links under such 
kernels. My understanding is that in a attempt to prevent denial of service 
attacks based on disk quotas, there is a kernel patch which restricts who 
can create hard links: I believe the EUID of the link creator has to match 
the UID of the file owner. This explains why the error code is 1 (Operation
not Permitted) rather than say 13 (Permission Denied).

I do not know any way round the problem - maybe someone else does - other 
than not using this 'security' patch.


At 20:58 09/01/2002 -0800, mburton at jo.birdsense.com wrote:
>Hi folks,
>
>I am giving Mailman 2.8 a try again after about a couple years
>away from it.  It looks like it has matured quite a bit in that time
>and I am excited to reevaluate it.  I have installed it with very little
>trouble on the surface.  I have created a test list called BCtest
>without problem and accessed the admin pages with no problems.
>The problem comes in when I try to subscribe to the list.  Any help
>will be greatly appreciated.
>
>System - Linux Mandrake 7.2
>Kernel   - 2.2.17-21mdksecure
>Postfix version - not readily available (ok, I'm braindead after
>working all day with Win2K issues <G>)
>Apache version - 1.3.12
>
>I am getting an error at the commad line level that reads:
>
>Security: denied hard link to 1015:509 for UID 99, EUID 99,
>process python:22213
>
>User ID 1015 is mailman
>Group ID 509 is mailman
>UID 99 is nobody (apache runs as user nobody)
>EUID 99 is also nobody (again, this is what apache runs as)
>----
>The traceback log contains the following:
>
>Jan 09 17:45:58 2002 admin(22099):
>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>@@@@@@@@@@@@@@
>admin(22099): [----- Mailman
>Version: 2.0.8 -----]
>admin(22099): [----- Traceback ------]
>admin(22099): Traceback
>(most recent call last):
>admin(22099):   File "/home/mailman/scripts/driver", line 96, in
>run_main
>admin(22099):     main()
>admin(22099):   File
>"../Mailman/Cgi/admin.py", line 154, in main
>admin(22099):     ChangeOptions(mlist, category, cgidata, doc)
>admin(22099):   File "../Mailman/Cgi/admin.py", line 899, in
>ChangeOptions
>admin(22099):     digest, send_welcome_msg)
>admin(22099):   File "/home/mailman/Mailman/MailList.py", line
>1124, in ApprovedAddMembers
>admin(22099):     self.Save()
>admin(22099):   File "/home/mailman/Mailman/MailList.py", line
>857, in Save
>admin(22099):     self.__save(dict)
>admin(22099):   File
>"/home/mailman/Mailman/MailList.py", line 833, in __save
>admin(22099):     os.link(fname, fname_last)
>admin(22099): OSError: [Errno 1] Operation not permitted
>admin(22099): [----- Python Information -----]
>admin(22099): sys.version    = 2.2 (#1, Jan  9 2002, 06:41:05)
>[GCC 2.95.3 19991030 (prerelease)]
>admin(22099): sys.executable = /usr/bin/python
>admin(22099): sys.prefix     = /usr/local
>admin(22099): sys.exec_prefix= /usr/local
>admin(22099): sys.path       = /usr/local
>admin(22099): sys.platform   = linux2
>admin(22099): [----- Environment Variables -----]
>admin(22099):   HTTP_ACCEPT: image/gif, image/x-xbitmap,
>image/jpeg, image/pjpeg, application/vnd.ms-powerpoint,
>application/vnd.ms-excel, application/msword, */*
>admin(22099):   CONTENT_TYPE: application/x-www-form-
>urlencoded
>admin(22099):   HTTP_REFERER:
>http://www.birdsense.com/mailman/admin/bctest/members
>admin(22099):   SERVER_SOFTWARE: Apache/1.3.12 (Unix)
>admin(22099):   PYTHONPATH: /home/mailman
>admin(22099):   SCRIPT_FILENAME: /home/mailman/cgi-bin/admin
>admin(22099):   SERVER_ADMIN: root at jo.birdsense.com
>admin(22099):   SCRIPT_NAME: /mailman/admin
>admin(22099):   SERVER_SIGNATURE:
><ADDRESS>Apache/1.3.12 Server at www.birdsense.com Port
>80</ADDRESS>
>
>admin(22099):   REQUEST_METHOD: POST
>admin(22099):   HTTP_HOST: www.birdsense.com
>admin(22099):   PATH_INFO: /bctest/members
>admin(22099):   SERVER_PROTOCOL: HTTP/1.1
>admin(22099):   QUERY_STRING:
>admin(22099):   REQUEST_URI: /mailman/admin/bctest/members
>admin(22099):   CONTENT_LENGTH: 102
>admin(22099):   HTTP_USER_AGENT: Mozilla/4.0 (compatible;
>MSIE 5.0; Windows 98; DigExt)
>admin(22099):   HTTP_CONNECTION: Keep-Alive
>admin(22099):   HTTP_COOKIE:
>bctest:admin=280200000069eff13c3c7328000000666365376237333
>53661633337316561616532333230366461386438616164303639623
>065303063; birdclick=lastv0:978023299&lastv1:978023299&vpage:0
>admin(22099):   SERVER_NAME: www.birdsense.com
>admin(22099):   REMOTE_ADDR: 10.10.10.2
>admin(22099):   REMOTE_PORT: 1130
>admin(22099):   HTTP_ACCEPT_LANGUAGE: en-us
>admin(22099):   PATH_TRANSLATED:
>/usr/local/apache/htdocs/bctest/members
>admin(22099):   SERVER_PORT: 80
>admin(22099):   GATEWAY_INTERFACE: CGI/1.1
>admin(22099):   HTTP_ACCEPT_ENCODING: gzip, deflate
>admin(22099):   SERVER_ADDR: 64.24.214.247
>admin(22099):   DOCUMENT_ROOT: /usr/local/apache/htdocs
>
>
>
>------------------------------------------------------
>Mailman-Users maillist  -  Mailman-Users at python.org
>http://mail.python.org/mailman/listinfo/mailman-users

More information about the Mailman-Users mailing list