[Mailman-Users] Error on attempt to create a List in Mailman2.1.7-15.12.1 from Mailman Web admin UI

[Mark Sapiro]

Mailman Admin wrote:
>
>The problem is, that even after bin/fixurl is run, the archive directory
>/var/lib/mailman/archives/private/ has owner:group = mailman:mailman .
>You have to set it to wwwrun:mailman, in order for the apache server to
>have write access to it too.
>It needs write access for creating lists via webinterface.


I think Stephen has covered this well, but in case there is any
remaining confusion, here's a summary.

In order for web access to public archives to work, the web server,
running as the web server user:group, must be able to search the
archives/private directory. For other reasons (next paragraph), this
directory must be group 'mailman' so in order for public archive
access to work, the archives/private directory must be o+x or owned by
the web server user.

This has nothing to do with the create or other CGIs working because
the CGI wrappers should all be group mailman and SETGID so the run
with effective group mailman and that group should have sufficient
access to do what the CGIs need to do.

In this case, if the create CGI wrapper is group mailman and SETGID and
the mailman group has rwx (actually rws for other reasons) access on
archives/private, and the create gets the permission denied error, the
SETGID must not be effective, perhaps because it's on a file system
that doesn't allow it, but in that case, all the CGIs should have
permission issues.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan