[Mailman-Users] Permission issues - was: Duplicate Subscription Confirmations

Mark Sapiro mark at msapiro.net
Fri Dec 12 21:24:20 CET 2008


James Weingarten wrote:
>
>I had a problem with permissions that prevented the Mailman GUI from
>successfully creating list. The GUI returned the following error:
>
>Bug in Mailman version 2.1.9
>We're sorry, we hit a bug!
>Please inform the webmaster for this site of this
>problem.  Printing of traceback and other system information has been
>explicitly inhibited, but the webmaster can find this information in the
>Mailman error logs. 
>
>
>and the error log shows:
>
>Dec 12 11:35:27 2008 (3669) command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1, Operation not permitted)
>Dec 12 11:35:27 2008 admin(3669): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>admin(3669): [----- Mailman Version: 2.1.9 -----]
>admin(3669): [----- Traceback ------]
>admin(3669): Traceback (most recent call last):
>admin(3669):   File "/usr/lib/mailman/scripts/driver", line 101, in run_main
>admin(3669):     main()
>admin(3669):   File "/usr/lib/mailman/Mailman/Cgi/create.py", line 56, in main
>admin(3669):     process_request(doc, cgidata)
>admin(3669):   File "/usr/lib/mailman/Mailman/Cgi/create.py", line 238, in process_request
>admin(3669):     sys.modules[modname].create(mlist, cgi=1)
>admin(3669):   File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 232, in create
>admin(3669):     _update_maps()
>admin(3669):   File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 53, in _update_maps
>admin(3669):     raise RuntimeError, msg % (acmd, status, errstr)
>admin(3669): RuntimeError: command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1, Operation not permitted)
<snip>
>
>The problem was alleged to be caused by the fact that the web server process owner "apache" was calling this process. Apparently, this user did not have permissions to execute the command. After fiddling with ownerships and permissions, I was never able to resolve the problem and had to resort to command line "newlist" to create all lists. Do you have any idea what is causing this problem? 


Yes, it is permissions. Actually, in the above case, the list was
created and its aliases were added to /etc/mailman/aliases and only
the execution of /usr/sbin/postalias to update the aliases.db file
failed.

I suspect since the aliases are in /etc/mailman, that this is a RedHat
package. I'm not 100% certain how to translate what I know into this
RedHat structure, but

1) All the files (wrappers) in /usr/lib/mailman/cgi-bin/ (in particular
for this, /usr/lib/mailman/cgi-bin/create) should be group 'mailman'
and SETGID. Typically they are like

-rwxr-sr-x 1 root mailman 15993 Jun 30 11:23 create

although the owner isn't important.

2) The files /etc/mailman/aliases and /etc/mailman/aliases.db need to
be group writable and group 'mailman'. E.g.

-rw-rw---- 1 root    mailman  7193 Dec  3 13:08 aliases
-rw-rw---- 1 mailman mailman 12288 Dec  3 13:08 aliases.db

If that doesn't resolve the problem, it may be a SELinux issue.


>Also, (and this may be related), I am seeing the following error in the Mailman error log:
>
>Dec 11 15:51:24 2008 (2107) SHUNTING: 1229039483.4080291+18102d31f7e1d52f9d4ca593ddb48d23f9e7d00e
>Dec 11 15:51:24 2008 (2104) Archive file access failure:
>        /var/lib/mailman/archives/private/listname.mbox/listname.mbox [Errno 13] Permission denied: '/var/lib/mailman/archives/private/listname.mbox/listname.mbox'
>Dec 11 15:51:24 2008 (2104) Uncaught runner exception: [Errno 13] Permission denied: '/var/lib/mailman/archives/private/listname.mbox/listname.mbox'
>Dec 11 15:51:24 2008 (2104) Traceback (most recent call last):
>  File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 112, in _oneloop
>    self._onefile(msg, msgdata)
>  File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 170, in _onefile
>    keepqueued = self._dispose(mlist, msg, msgdata)
>  File "/usr/lib/mailman/Mailman/Queue/ArchRunner.py", line 73, in _dispose
>    mlist.ArchiveMail(msg)
>  File "/usr/lib/mailman/Mailman/Archiver/Archiver.py", line 200, in ArchiveMail
>    self.__archive_to_mbox(msg)
>  File "/usr/lib/mailman/Mailman/Archiver/Archiver.py", line 169, in __archive_to_mbox
>    mbox = self.__archive_file(afn)
>  File "/usr/lib/mailman/Mailman/Archiver/Archiver.py", line 157, in __archive_file
>    return Mailbox.Mailbox(open(afn, 'a+'))
>IOError: [Errno 13] Permission denied: '/var/lib/mailman/archives/private/listname.mbox/listname.mbox'
>
>The "check_perms" command reports no problems. What should the owner be for the archive directories and files? What should the permissions be? 


There are some known problems with check_perms and archives.

The directories /var/lib/mailman/, /var/lib/mailman/archives/ and all
subordinate directories except for /var/lib/mailman/archives/private/
itself and the /var/lib/mailman/archives/private/LISTNAME/database
directories should be

drwxrwsr-x 5 owner mailman

(owner doesn't matter)

/var/lib/mailman/archives/private/ should be either

drwxrws--x 5 owner mailman

or

drwxrws--- 5 apache mailman

assuming apache is the web server user.

The /var/lib/mailman/archives/private/LISTNAME/database directories
should be

drwxrws--- 5 owner mailman


All the files should be group writable and group 'mailman' and except
for those in the /var/lib/mailman/archives/private/LISTNAME/database
directories, they should be world readable.

This is not related to the create error except in that they are both
permissions issues.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
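
The group and mode rules from the reply above, written as a read-only audit. This is an added example, not part of the original post and not Mailman's check_perms; the function names are hypothetical, the paths in the `__main__` block are the ones quoted in the thread, and it covers only the cgi-bin wrappers, the alias files and the archives tree.

```python
import grp
import os
import stat

def check(path, gid, need, forbid=0):
    """Return findings for one path; an empty list means it passes."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    out = []
    if st.st_gid != gid:
        out.append("%s: gid %d, expected %d" % (path, st.st_gid, gid))
    if (mode & need) != need:
        out.append("%s: mode %04o is missing %04o" % (path, mode, need & ~mode))
    if mode & forbid:
        out.append("%s: mode %04o should not have %04o" % (path, mode, mode & forbid))
    return out

def audit_wrappers(cgi_dir, gid):
    """Item 1: every CGI wrapper is group 'mailman' and setgid (r-s for group)."""
    need = stat.S_ISGID | 0o050
    return [f for n in sorted(os.listdir(cgi_dir))
            for f in check(os.path.join(cgi_dir, n), gid, need)]

def audit_aliases(paths, gid):
    """Item 2: aliases and aliases.db are group 'mailman' and group writable."""
    return [f for p in paths for f in check(p, gid, 0o020)]

def audit_archives(archives, gid):
    """Archive tree: setgid dirs; files group writable, world readable outside database."""
    private = os.path.join(archives, "private")
    out = []
    for root, _dirs, files in os.walk(archives):   # symlinked dirs are not followed
        is_db = root.startswith(private + os.sep) and os.path.basename(root) == "database"
        if is_db:
            out += check(root, gid, 0o2770, 0o007)   # drwxrws---
        elif root == private:
            out += check(root, gid, 0o2770, 0o006)   # drwxrws--x or drwxrws---
        else:
            out += check(root, gid, 0o2775, 0o002)   # drwxrwsr-x
        for name in sorted(files):
            path = os.path.join(root, name)
            if not os.path.islink(path):
                out += check(path, gid, 0o020 if is_db else 0o024)
    return out

if __name__ == "__main__":  # paths as quoted in the thread
    gid = grp.getgrnam("mailman").gr_gid
    print("\n".join(audit_wrappers("/usr/lib/mailman/cgi-bin", gid)
          + audit_aliases(["/etc/mailman/aliases", "/etc/mailman/aliases.db"], gid)
          + audit_archives("/var/lib/mailman/archives", gid)))
```

Each finding names the path, its current mode and the bits that are missing or unwanted; nothing on disk is changed.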


