[Mailman-Users] cgi wrappers not properly executing

Mark Sapiro mark at msapiro.net
Fri Dec 16 15:25:04 EST 2016


On 12/16/2016 11:17 AM, John Covici wrote:
> On Fri, 16 Dec 2016 13:04:50 -0500,
> Mark Sapiro wrote:
>>
>> Is anything written to mailman's error log after you made it world writable?
> 
> When I did that, I got permission errors on the config.pck of the list
> since I was doing http://lists.ccs.covici.com/mailman/admin/<list>


I understand that you said that. I am curious if anything was written to
Mailman's error log and if so, what?


> so the only way I was able to proceed was to either make the whole
> tree rw, or make it owned by apache, but I was hoping for a better
> solution.  I wonder if there is some apache config I have wrong which
> is making the cgi's not execute properly?


Making the whole tree owned by apache is a workaround, and I understand
you want it to work as it should, so let's keep trying.

Do you have any security manager such as SELinux enabled? If so, try
disabling it and see if that helps.

There is also a mail wrapper, probably /usr/lib/mailman/mail/mailman. It
is also group mailman and SETGID and is used by the MTA's aliases to
pipe mail to Mailman. It's tricky because depending on your MTA and how
it executes a pipe for local delivery, it may already be running the
pipe as group mailman, but if not, the SETGID functionality is required
for it to work.

So the first question is how is the MTA delivering to Mailman? E.g. if
it is Postfix and Mailman's aliases are in an alias.db file owned by
mailman, the SETGID isn't needed and successful mail delivery doesn't
prove it works for this, but otherwise successful mail delivery may
prove SETGID works for this file and the question becomes what is
different about Apache and the CGIs.

As far as Apache is concerned, all I'm aware of is suEXEC. If you have
suEXEC enabled, see <https://httpd.apache.org/docs/current/suexec.html>,
but as far as I know, suEXEC won't interfere with SETGID on the mailman
CGI wrappers; a suEXEC problem will just prevent the CGI wrapper from
being run at all.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
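
Added example, not part of the original message and not Mailman's own code: a small POSIX shell check for the conditions the message describes for a wrapper (group mailman, SETGID bit set). The function name `check_wrapper` is hypothetical, and the "executable by others" test assumes the calling MTA or web server user is neither the file's owner nor a member of its group.

```shell
#!/bin/sh
# check_wrapper FILE GROUP   (hypothetical helper name)
# Prints one line per problem and returns non-zero if any check fails.
# Example call, using the path the message gives as the probable location:
#   check_wrapper /usr/lib/mailman/mail/mailman mailman
check_wrapper() {
    file=$1
    want_group=$2
    rc=0

    if [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 2
    fi

    # Field 4 of `ls -ld` is the owning group.
    have_group=$(ls -ld "$file" | awk '{print $4}')
    if [ "$have_group" != "$want_group" ]; then
        echo "$file: group is $have_group, expected $want_group"
        rc=1
    fi

    # -g is true when the set-group-ID bit is set on the file.
    if [ ! -g "$file" ]; then
        echo "$file: SETGID bit is not set"
        rc=1
    fi

    # Assumption: the caller is not the owner and not in the group,
    # so it needs the "other" execute bit (x, or t with sticky set).
    mode=$(ls -ld "$file" | cut -c1-10)
    case $mode in
        ?????????[xt]) ;;
        *) echo "$file: not executable by other users (mode $mode)"
           rc=1 ;;
    esac

    return $rc
}
```

A clean result only confirms the file's ownership and mode; it does not show whether SELinux or suEXEC is involved.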

