[Mailman-Users] chroot, OpenBSD, Apache, and Mailman

David Newman dnewman at networktest.com
Sat Apr 19 22:10:29 CEST 2008


Mark Sapiro wrote:
>> I suspect a permissions problem. Mailman would not serve up pages when 
>> all files were owned by group mailman, so I did 'chgrp -R www 
>> /var/www/mailman'. But after trying to create a list, the
>> aliases file is mode 660, owned by root:www.
> 
> 
> This is probably a mistake. Mailman relies on everything being group
> Mailman and the CGI and mail wrappers being group Mailman and SETGID
> so everything runs as group Mailman. If the chroot jail doesn't allow
> SETGID to work, then I'm not sure what you'd need to do, but whatever
> user:group structure you have, both the web server and the MTA have to
> be able to write various Mailman files.

Yes, that's the key issue. The OpenBSD chroot won't SETGID in part 
because it mounts the /var partition nosuid, which forbids SETGID. In 
theory it's possible to disable this, and get the python and other 
binaries and libraries into the chroot environment, but at that point 
there's really no benefit to running chroot'ed.

The much easier (if somewhat less secure) solution is to run Apache 
without chroot. Just set 'httpd_flags=-u' in /etc/rc.conf.

After restarting Apache, Mailman installed clean with the default 
configure options.

thanks very much

dn
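
The nosuid condition described in the message above can be checked before installing. The following is an added example, not part of the original message or of Mailman: it parses `mount` output to find the filesystem holding a wrapper and reports whether its setgid bit would be ignored. The sample mount table is constructed, and the wrapper path under /var/www/mailman is an assumed location.

```shell
#!/bin/sh
# Added example, not from the original message.
# Constructed sample of `mount` output in the OpenBSD layout.
SAMPLE_MOUNTS='/dev/wd0a on / type ffs (local)
/dev/wd0e on /var type ffs (local, nodev, nosuid)
/dev/wd0d on /usr type ffs (local, nodev)'

# mount_opts_for PATH: read `mount` output on stdin and print the option
# list of the longest mount point that is a prefix of PATH.
mount_opts_for() {
    awk -v p="$1" '
        {
            on = index($0, " on "); ty = index($0, " type ")
            if (!on || ty < on) next
            mp = substr($0, on + 4, ty - on - 4)
            pre = (mp == "/") ? "/" : mp "/"
            if (index(p "/", pre) != 1 || length(mp) <= best) next
            best = length(mp)
            opts = $0
            sub(/^[^(]*\(/, "", opts); sub(/\).*$/, "", opts)
        }
        END { print opts }'
}

# is_nosuid PATH: succeed if the filesystem holding PATH is mounted nosuid.
is_nosuid() {
    mount_opts_for "$1" | tr ',' '\n' | tr -d ' ' | grep -qx 'nosuid'
}

# check_wrapper FILE: mount output on stdin. Returns 0 if the setgid bit is
# set and honoured, 1 if it is not set, 2 if it is set but on a nosuid mount.
check_wrapper() {
    if [ ! -g "$1" ]; then
        echo "$1: setgid bit not set"; return 1
    fi
    if is_nosuid "$1"; then
        echo "$1: setgid bit set but ignored (nosuid mount)"; return 2
    fi
    echo "$1: setgid bit set and honoured"
}

# Demo on the constructed sample; the wrapper path is an assumed location.
if printf '%s\n' "$SAMPLE_MOUNTS" | is_nosuid /var/www/mailman/cgi-bin/admin; then
    echo "/var is nosuid: setgid wrappers under it run without group mailman"
fi
```

On a live system, pipe the real table in, for example `mount | check_wrapper /path/to/wrapper`.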


