[Mailman-Users] Mailman won't work - can you help?

John Barrus john at johnbarrus.com
Mon Nov 3 15:15:03 CET 2003 

The server is running as user "apache". If you look through the original 
message, you will see that I only ran the 
/usr/local/mailman/cgi-bin/admin as root to show that the command does 
in fact run. Of course, as root the program outputs an error. The 
program won't run at all when "apache" tries to execute it. 
Unfortunately, as "apache", I get a permissions error that I don't 
understand.

 From the original message:

====================================

I su to user "apache" and try it again

--------------
[root at www cgi-bin]# su apache
[apache at www cgi-bin]$ ./admin
sh: ./admin: Permission denied
--------------

Well, why won't it run? I check the permissions...

--------------
[apache at www cgi-bin]$ ls -l | grep admin
-rwxr-sr-x    1 root     mail        36849 Nov  1 18:50 admin*
-rwxr-sr-x    1 root     mail        36857 Nov  1 18:50 admindb*
[apache at www cgi-bin]$ ls -l .. | grep cgi
drwxrwsr-x    2 root     mail         4096 Nov  1 18:50 cgi-bin/
[apache at www cgi-bin]$ ls -l ../.. | grep mailman
drwxrwsr-x   13 root     root         4096 Nov  1 18:50 mailman/
--------------

Seems like everything is setgid as it should be. I also chown'ed and
chgrp'd the files to the apache owner and group, but of course I had the
same result. bin/check_perms -f made all the files owned by "mail" again.

Just for fun, check the version I'm running...

-------------
[root at www mailman]# bin/version
Using Mailman version: 2.1.3
-------------
====================================

I'm still stuck. Anyone else have any ideas?

Thanks,

John B.




Simon White wrote:

>02-Nov-03 at 14:06, Doug Griswold (griswld at cio.sc.gov) wrote :
>  
>
>>Your apache server is executing the cgi as root.  
>>    
>>
>
>I'm not sure there is full evidence for this, the message which implied
>it was running as root was from a command line test, not from Apache. I
>can't believe a large distro like Mandrake would let Apache run as root
>(unless, of course, it's been hand compiled and _specifically_
>configured to do so).
>
>  
>
>>You have run ./configure --with-cgi-gid=apache but it needs to be
>>./cofigure --with-cgi-gid=root.  But this is a bad idea better to
>>change how your webserver is running.  It probably should be executing
>>the cgi as group is apache in httpd.conf there should be an entry si
>>iliar to this.
>>
>>User apache
>>Group apache
>>    
>>
>
>Never let anything run as root if you can avoid it. To find out what
>Apache is running as, do:
>
>$ ps -aux | grep httpd
>
>my results:
>
>root     19848  0.0  0.2  4624   72 ?        S    Sep26   0:00 /var/apache/bin/httpd
>nobody   19849  0.0  0.9 13616  276 ?        S    Sep26  19:37 [httpd]
>[... several more lines like the second one ...]
>
>Always one master process as root, but that one only serves as a
>listener to spawn children running as nobody... because you have to be
>root to listen to ports < 1024 in most circumstances.
>
>Here in the example my Apache server runs as nobody. The username for
>your Apache may be different. As Doug said, it will be in the httpd.conf
>file somewhere.
>
>Find out which user your Apache server is running as for sure, then
>recompile Mailman passing --with-cgi-gid=<userid which runs your apache>
>to configure.
>
>There may be other permissions issues, but this issue needs to be
>checked before others. As you said you've reinstalled several times,
>there could be junk lying around messing up an otherwise correct config
>that you've thought was wrong...
>
>  
>

More information about the Mailman-Users mailing list