[Mailman-Users] Web interface stopped working after ubuntu update

Richard Shetron guest2 at sgeinc.com
Thu Mar 30 10:43:15 EDT 2017 

I had this problem during a ubuntu update.  IIRC:  I discovered that the 
update changed the user/group id's of mailman from mailman:www-data to 
list:list (or something like that) as it did a mailman update that 
messed up the id's.  It has been too long to remember the exact details. 
  The default ubuntu mailman install uses different permissions from a 
regular mailman install from the mailman tarball.  I may have removed 
and then reinstalled mailman from the tarball/source.  The ubuntu 
mailman package was pretty old, IIRC.

I remember systemd and apparmor breaking a running system and spending 
weeks fixing everything that was broken.  It broke enough stuff and 
caused enough problems that ubuntu has convinced me to find another *nix 
distribution or even switch to bsd to get away from the disaster that is 
systemd.

On 3/29/2017 3:31 PM, Nick Wyman wrote:
> Mark,
> 
> Thank you for looking.
> 
>> The error is "Operation not permitted". My best guess is this is
>> occurring at this point in the wrapper
>>
>> #ifdef HAVE_SETREGID
>>          status = setregid(getegid(), -1);
>>          if (status)
>>                  fatal(logident, SETREGID_FAILURE, "%s", strerror(errno));
>> #endif /* HAVE_SETREGID */
> 
> Indeed this is the case.  I recompiled the wrapper with this code block disabled and the web interface functioned again.
> 
> Note that the mailman user and group are "list" while apache runs as user and group "www-data".
> 
>>
>> Do other CGIs (e.g. admin, admindb, private, options) fail the same way.
> 
> Yes, all the cgi-bin executables return the same error message.
> 
>>
>> There should at least be something logged in /var/log/apache2/error.log
>> or wherever the error log is for the vhost. There is a 'syslog' call in
>> the wrapper, but it only writes the "Operation not permitted" message
>> that was displayed in the browser.
>>
>> If you can find the exit status of the wrapper in the apache log, those
>> codes are defined as
>>
>> /* Exit codes, so it's easier to distinguish what caused fatal errors when
>>   * looking at syslogs.
>>   */
>> #define GROUP_MISMATCH 2
>> #define SETREGID_FAILURE 3
>> #define EXECVE_FAILURE 4
>> #define MAIL_USAGE_ERROR 5
>> #define MAIL_ILLEGAL_COMMAND 6
>> #define ADDALIAS_USAGE_ERROR 7
>> #define GROUP_NAME_NOT_FOUND 8
> 
> I could not find this information in any log file.  However, via print instrumentation, I have reduced the problem to the setregid call.
> 
> I'm unable to explain why this command is suddenly failing.
> 
> 
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/guest2%40sgeinc.com
>

More information about the Mailman-Users mailing list