[Mailman-Users] confusing permission errors, help please

Hugh Esco he at reclaimedcomputers.ca
Wed Dec 21 01:31:49 CET 2005


I added the + sign, restarted the apache server and still got the same errors in the browser and apache log: "Permission denied: access to /mailman/listinfo denied".

I'm running Gentoo (not SELinux) on this server, while my experience is with Debian.  A choice made by others, I'm afraid.  So in the meantime, I'm groping.  I just took a quick scan at the suEXEC docs on the apache2 site.  But I have no previous familiarity with it.  Nor am I sure how I might determine if apache was compiled with it.  Looking at my configuration files with grep suEXEC -R /etc/apache2/* yielded an empty result set.

As an experiment, I'll try the advice for suEXEC.  If it doesn't get me anywhere, I'll back it out.

-- Hugh 

On Tue, 20 Dec 2005 15:52:37 -0800
Mark Sapiro <msapiro at value.net> wrote:

> Hugh Esco wrote:
> >
> >The apache error log for mumble still says:  
> >
> >	[Tue Dec 20 13:29:44 2005] [error] [client nnn.nnn.nnn.nnn] 
> >		(13)Permission denied: access to /mailman/listinfo denied
> 
> 
> So apparently, adding
> 
>    <Directory /u/m/mumble/mailman/cgi-bin/>
>      Options ExecCGI
>      SetHandler cgi-script
>    </Directory>
> 
> didn't fix it. I would have added "Options +ExecCGI", but that probably
> won't help either.
> 
> The "403 Forbidden error was encountered while trying to use an
> ErrorDocument" seems to say there is something wrong with this virtual
> host. Are you by any chance using suEXEC with this virtual host? Are
> you running SELinux?
> 
> If suEXEC, see
> <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq06.017.htp>
> 
> 
> >Your answer about using a single user for every instance of mailman didn't indicate if I was actually going overboard by creating instance specific users for each installation.  I have paired up user1 with mumble1, user2 with mumble2, etc., as an added security barrier and to protect users and their archives from one another.  Will it run this way?  Is that necessary?  
> 
> 
> Yes, it will run that way. If you don't need the ability to have the
> same list name on separate hosts, then this is probably overkill. If
> you're asking is having a separate user per Mailman instance overkill
> vs. having multiple, distinct instances all with the same user, having
> separate users would allow giving the actual virtual host clients more
> control over/visibility into their own Mailman without allowing them
> to impact others. This may be useful. The alternative protection is to
> have restrictive enough permissions so the individual virtual host
> users don't have shell access to their Mailman at all.
> 
> 
> >If I use a single source directory, yet install in multiple installation directories, each serving its own vhost, can two instances share a listname so I can have dx at mumble1.example.com and another at dx at mumble2.example.com?
> 
> 
> Yes, and that is the major reason for doing it this way. If you don't
> need this ability, you can probably do just fine with a single mailman
> instance with Mailman's virtual host support.
> 
> -- 
> Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan

-- 
RCK Computer Services 
http://reclaimedcomputers.ca/
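
Added example, not part of either message above: with a separate Unix user per Mailman instance, one common cause of an errno 13 "access to ... denied" entry is a directory on the way to the CGI wrapper that the web server user cannot traverse, and this shell function reports the first such directory. It assumes the web server user is neither owner nor group member of those directories, so only the "other" permission bits apply; the function names are hypothetical and the path in the usage comment is assembled from the directory and URL quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Walks a path one component at a time
# and prints the first parent directory that "other" users cannot traverse.
# Assumption: the web server user is neither owner nor in the group of these
# directories, so only the "other" search (x) bit decides access.
# Usage: first_blocked /u/m/mumble/mailman/cgi-bin/listinfo

# other_can_search DIR -> status 0 if DIR is a directory with "other" x set.
other_can_search() {
    # -L follows symlinks so a link to a directory is judged by its target.
    perms=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    case "$perms" in
        d????????[xt]) return 0 ;;   # x, or t (sticky bit together with x)
        *) return 1 ;;               # missing, not a directory, or no x bit
    esac
}

# first_blocked PATH -> prints the first blocked directory and returns 1;
# prints nothing and returns 0 when every parent directory is traversable.
first_blocked() {
    path=$1
    cur=
    case "$path" in
        /*) cur=/
            other_can_search / || { printf '%s\n' /; return 1; } ;;
    esac
    # Only the parents of the final name need search permission.
    dir=$(dirname -- "$path")
    old_ifs=$IFS; IFS=/
    set -f; set -- $dir; set +f      # split on "/" without globbing
    IFS=$old_ifs
    for part in "$@"; do
        case "$part" in ''|.) continue ;; esac
        cur=${cur:+${cur%/}/}$part
        other_can_search "$cur" || { printf '%s\n' "$cur"; return 1; }
    done
    return 0
}
```

A directory it reports is only a candidate: if the server user owns it or belongs to its group, the owner or group bits apply instead.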



