[Mailman-Users] config.pck get changed back from correct values...

Mark Sapiro mark at msapiro.net
Thu Jan 29 17:20:29 CET 2009 

john espiro wrote:
>
>so...
>1.) How do I tell if the CGI wrappers are SETID?


bin/check_perms should check this, but the following

[mark at sbh16 ~]$ ls -l ~mailman/cgi-bin/
total 208
-rwxr-sr-x 1 root mailman 15989 Jan 11 11:16 admin
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 admindb
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 confirm
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 create
-rwxr-sr-x 1 root mailman 15997 Jan 11 11:16 edithtml
-rwxr-sr-x 1 root mailman 15989 Jan 11 11:16 htdig
-rwxr-sr-x 1 root mailman 15997 Jan 11 11:16 listinfo
-rwxr-sr-x 1 root mailman 15997 Jan 11 11:16 mmsearch
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 options
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 private
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 rmlist
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 roster
-rwxr-sr-x 1 root mailman 15997 Jan 11 11:16 subscribe
[mark at sbh16 ~]$

shows the SETGID bit as the 's' in -rwxr-sr-x


>To get everything to work properly, the files need to be set as webadmin:mailman.


Which should not be necessary. owner shouldn't matter. Only group
matters in a properly configured Mailman installation.


>or, how do I tell #2 (webserver/OS not honoring SETGID)?


If the files in cgi-bin have permissions as above, and the
subdirectories of lists/ have group and permissions like

[mark at sbh16 ~]$ ls -l lists/
total 28
drwxrwsr-x 3 root   mailman 4096 Jan 29 03:30 century-announce
drwxrwsr-x 2 root   mailman 4096 Jan 29 03:30 gpc-century
drwxrwsr-x 2 root   mailman 4096 Jan 29 03:30 gpc-talk
drwxrwsr-x 2 root   mailman 4096 Jan 29 03:30 gpc-test
drwxrwsr-x 2 apache mailman 4096 Jan 29 03:30 gpc-website
drwxrwsr-x 2 root   mailman 4096 Jan 29 08:00 mailman
drwxrwsr-x 2 root   mailman 4096 Jan 29 03:30 wed_ride
[mark at sbh16 ~]$


then the web interface should work.


>I am running APache, if that helps.


Are you running Apache with suEXEC? If so, you will probably have
issues because the suEXEC security strategy is in conflict with
Mailman's security strategy.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list