[Mailman-Users] Issues with mailman

Chris Petrik c.petrik.sosa at gmail.com
Wed Nov 16 03:02:22 CET 2011


On 11/15/2011 5:43 PM, Mark Sapiro wrote:
> Chris Petrik wrote:
>> Now when I try to go to the admin section of the webui for the mailing I
>> get the bug page. Which is easily fixed by changing the owner from
>> mailman to www.
>>
>> I tried adding mailman to group www but that doesn't seem to work.
>
> It should work. See the FAQ at <http://wiki.list.org/x/tYA9> for more
> on this, but basically, Mailman's directories are group mailman and
> SETGID so that subordinate files are created with group mailman.
> Mailman's CGI wrappers and mail wrapper are group mailman and SETGID
> so they run with effective group mailman. Mailman's qrunners run as
> user:group mailman:mailman.
>
> The whole thing is based on anything that is running in group mailman
> has write permission on all the mutable directories and their contents.
>
> If your OS does not allow user:group www:mailman to do certain
> operations on files owned by mailman:mailman even though the mailman
> group has write permission and likewise for group mailman:mailman on
> files owned by www:mailman, you will not be able to avoid these issues.
>
> Mailman is known to work on FreeBSD, so there must be something you can
> do to enable this.
>
> In a followup Chris added:
>
>> I recompiled mailman with the cgi_gid changed to mailman and the apache
>> config to be changed as AssignUserID mailman mailman and now I don't get
>> the bug page and all is well.
>
> This is not a good idea. It means the web server now runs as
> mailman:mailman and can access anything in Mailman's tree without
> necessarily going through the authentication in the CGIs. There may
> not be any URLs that can do this, but consider
> http://www.example.com/pipermail/../../lists for example.
>
>
>> I will continue to monitor the mailman
>> services to see if any more perm issues arise before I create
>> production mailing lists.
>>
>> I am not sure if this is the proper way to run mailman but it seems to
>> work, since the web panel is always open to issues and bug reports which
>> is awesome it is not that hard to explain to them the issue and have
>> them fix it.  Seems rather obvious mailman creates files as user mailman
>> but editing the files in a web browser creates the files as the running
>> user of the web server IE: www if I am not mistaken using the itk patch
>> will allow the web server to create/edit files as the user set in the
>> AssignUserID directive in apache.
>
> I don't know how your web server works, but the owner = www or mailman
> shouldn't matter as everything should be based on group. Possibly, the
> issue is the web server is not honoring the SETGID bit on the CGI
> wrappers.
>
If I change the owner to www for config.pck the webui works but then I
get the perm os.link errors. If I change the perms for config.pck to
mailman I no longer get the os.link errors but I get the bug page.

I now recompiled mailman to the defaults and am trying to figure out what is
causing this, as:


    Bug in Mailman version 2.1.14


      We're sorry, we hit a bug!

Please inform the webmaster for this site of this problem. Printing of 
traceback and other system information has been explicitly inhibited, 
but the webmaster can find this information in the Mailman error logs.

is not very informative.

Looking at the log all I see is the typical:
admin(62887):   File "/usr/local/mailman/Mailman/MailList.py", line 549, 
in __s$
admin(62887):     os.link(fname, fname_last)
admin(62887): OSError: [Errno 1] Operation not permitted

and nothing in the apache logs to tell me anything valuable besides what
logs/error says. Is there any possible way to make it spit some debug info
out for means of testing, then turn it off?

Chris
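
The group-based model described in the quoted reply above (directories group mailman and SETGID, everything writable by the group) can be checked mechanically. The following is an added example, not part of the original thread and not Mailman's own code; the function names and the sample tree are constructed, and the gid passed in stands in for the mailman group.

```python
import os
import stat
import tempfile


def audit_group_model(root, gid):
    """Return (path, problem) pairs where the tree breaks the group-based model."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            if st.st_gid != gid:
                findings.append((path, "wrong group"))
            if not st.st_mode & stat.S_IWGRP:
                findings.append((path, "not group-writable"))
            # Without SETGID on the directory, new files get the creating
            # process's group instead of inheriting the directory's group.
            if stat.S_ISDIR(st.st_mode) and not st.st_mode & stat.S_ISGID:
                findings.append((path, "directory not setgid"))
    return findings


def build_constructed_tree():
    """Constructed sample: a tiny stand-in for a lists/ directory."""
    root = tempfile.mkdtemp(prefix="mm-audit-")
    good = os.path.join(root, "lists", "good")
    bad = os.path.join(root, "lists", "bad")
    os.makedirs(good)
    os.makedirs(bad)
    for d in (root, os.path.join(root, "lists"), good):
        os.chmod(d, 0o2775)   # setgid + group-writable
    os.chmod(bad, 0o755)      # missing both setgid and group write
    for d, mode in ((good, 0o664), (bad, 0o644)):
        cfg = os.path.join(d, "config.pck")
        open(cfg, "w").close()
        os.chmod(cfg, mode)
    return root


if __name__ == "__main__":
    tree = build_constructed_tree()
    gid = os.stat(tree).st_gid  # assumption: stands in for the mailman gid
    for path, problem in audit_group_model(tree, gid):
        print(f"{problem}: {os.path.relpath(path, tree)}")
```

On a real installation the gid would come from grp.getgrnam("mailman").gr_gid and root would be the Mailman install prefix.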




