[Mailman-Users] private and public archive directory permissions

Noah noah-list at enabled.com
Mon Jul 13 05:43:52 CEST 2015 

Hi Mark,

Thank you for supporting mailman all these years.

Here is the error

--- snip ----

[Mon Jul 13 03:29:36.036929 2015] [authz_core:error] [pid 739] [client 
<ip_addr>:64962] AH01630: client denied by server configuration: 
/var/lib/mailman/archives/public/<list>, referer: 
http://<domain>/mailman/admin/<list>

--- snip ---

I think I did what was suggested in the FAQ but still getting the above 
error when I attempt to go to the list's archive URL

/var/lib/mailman/archives $ ls -ld
drwxrwsr-x 4 list list 4096 Oct  2  2002 .

/var/lib/mailman/archives $ ls -l
total 8
drwxrws--- 110 list list 4096 Jul  4 22:44 private
drwxrwsr-x   2 list list 4096 Jun  2  2012 public

/var/lib/mailman/archives $ ls -l public/<list>
lrwxrwxrwx 1 root list 43 Mar  9  2014 public/<list> -> 
/var/lib/mailman/archives/private/<list>

/var/lib/mailman/archives/private $ ls -ld <list>*
drwxrwsr-x 97 list     list 16384 Jul  2 10:27 <list>
drwxrwsr-x  2 www-data list  4096 Nov  5  2007 <list>.mbox

-- qrunner is running as list ---

root      3847  0.0  0.1  11748  2172 pts/1    S+   03:36   0:00 grep 
qrunner
list      8075  0.0  0.5  55560 10348 ?        S    Jul12   0:12 
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
list      8076  0.0  0.5  56500 11932 ?        S    Jul12   0:12 
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
list      8077  0.0  0.5  55584 11116 ?        S    Jul12   0:13 
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
list      8078  0.0  0.6  57212 12844 ?        S    Jul12   0:13 
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
list      8079  0.0  0.3  54872  7408 ?        S    Jul12   0:12 
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
list      8080  0.0  0.6  59656 13528 ?        S    Jul12   0:14 
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
list      8081  0.0  0.5  56600 12132 ?        S    Jul12   0:12 
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
list      8082  0.0  0.4  54848  8980 ?        S    Jul12   0:00 
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s


---- snip ---


Cheers,

Noah


On 7/12/15 6:54 PM, Mark Sapiro wrote:> On 7/12/15 5:58 PM, Noah wrote:
 >>
 >> I migrated to a new server and I am back again with permission issues.
 >> I am running apache2 on an ubuntu 14.04 server.
 >>
 >> is there a good tutorial out there that explains the best practices for
 >> ownership for the different directories and sub-directories
 >
 >
 > Everything should be in Mailman's group ('mailman' or '_mailman' or
 > maybe 'list' in your case) and all the directories and the cgi and mail
 > compiled wrappers should be SETGID.
 >
 > See the FAQ at <http://wiki.list.org/x/4030645>.
 >
 >
 >> I run check_perms -f as root and some of the same directories still need
 >> correcting even after running 'check_perms -f' as root many times.
 >
 >
 > check_perms gets confused by symlinks. It checks and complains about the
 > group and permissions of the symlink itself which are really irrelevant.
 > When fixing, it actually fixes the target which is what you want, but
 > next time it will complain again because it is still looking at the
 > symlink. Bottom line is ignore the errors it reports about symlinks.
 >
 >
 >> I have a list user and a mailman user and group that I moved over from
 >> my old server.   Apache2 is running as www-data .
 >
 >
 > In your Debian/Ubuntu package, Mailman's user:group are list:list.
 >
 >
 >> I am using mbox is that matters.
 >>
 >> here is some config:
 >>
 >> /var/lib/mailman/archives $ ls -l
 >> total 8.0K
 >> drwxrws--x 110 mailman 4.0K Jul  4 22:44 private/
 >> drwxrwsr-x   2 mailman 4.0K Jun  2  2012 public/
 >
 >
 > Is 'mailman' the owner or group? Perhaps these came from another system,
 > but for the Ubuntu package if that's what you're using, group should be
 > 'list'.
 >
 >
 >> /etc/apache2/conf-enabled $ ls -l mailman.conf
 >> lrwxrwxrwx 1 root 30 Jul 13 00:52 mailman.conf ->
 >> ../conf-available/mailman.conf
 >>
 >>
 >>
 >> /etc/apache2/conf-enabled $ cat ../conf-available/mailman.conf
 >>
 >> Alias /pipermail/ /var/lib/mailman/archives/public/
 >> Alias /images/mailman/ /usr/share/images/mailman/
 >> ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
 >> <Directory /usr/lib/cgi-bin/mailman/>
 >>       AllowOverride None
 >>       Options ExecCGI
 >>       AddHandler cgi-script .cgi
 >>       Order allow,deny
 >>       Allow from all
 >> </Directory>
 >> <Directory /var/lib/mailman/archives/public/>
 >>       Options Indexes FollowSymlinks
 >>       AllowOverride None
 >>       Order allow,deny
 >>       Allow from all
 >> </Directory>
 >> <Directory /usr/share/images/mailman/>
 >>       AllowOverride None
 >>       Order allow,deny
 >>       Allow from all
 >> </Directory>
 >
 >
 > This looks OK.
 >
 > What exactly is your problem? Is there actually something that doesn't
 > work? If so, what?
 >

More information about the Mailman-Users mailing list