[Mailman-Users] IOError: [Errno 13] Permission denied on config.pck in Fedora 30

Tue Jul 23 15:42:31 EDT 2019

On 7/22/19 11:12 AM, Robert Kudyba wrote:
> Does mailman 2.1 now need to run as the same user as Apache runs?

No.

> In our case httpd runs as the user ‘apache’ and mailman runs as ‘mailman’. I reinstalled mailman and no difference. I’ve seen this error referenced several time and to run check_perms which I did.
> 
> /usr/lib/mailman/bin/check_perms
> /usr/lib/mailman/bin/mailman-update-cfg bad group (has: root, expected mailman)
> Problems found: 1
> Re-run as mailman (or root) with -f flag to fix
> ls -l /usr/lib/mailman/bin/mailman-update-cfg
> -rwxr-xr-x 1 root root 436 Feb 12 06:54 /usr/lib/mailman/bin/mailman-update-cfg
> chown mailman:mailman /usr/lib/mailman/bin/mailman-update-cfg
> /usr/lib/mailman/bin/check_perms
> No problems found

I don't know what bin/mailman-update-cfg is. It isn't distributed by the
GNU Mailman project. It probably isn't the issue anyway.

...
> ls -l /var/lib/mailman/lists/book/
> total 24
> -rw-rw---- 1 mailman mailman 5593 Jul 22 09:00 config.pck
> -rw-rw---- 1 mailman mailman 5593 Jul 21 12:00 config.pck.last
> -rw-rw---- 1 mailman mailman  131 Oct 12  2018 pending.pck
> -rw-rw---- 1 apache  mailman   20 Oct 13  2018 request.pck
> 
> ls -l  /var/log/mailman/error
> -rw-rw---- 1 mailman mailman 37997 Jul 22 10:57 /var/log/mailman/error

These look OK.

This is almost certainly an issue with the CGI wrappers or with SELinux.

The wrappers in /usr/lib/mailman/cgi-bin and in /usr/lib/mailman/mail
should all be group mailman and SETGID as in

ls -la cgi-bin
total 372
drwxrwsr-x  2 root    mailman  4096 Jun 21 15:04 ./
drwxrwsr-x 13 mailman mailman  4096 Jun  7 07:07 ../
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 admin*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 admindb*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 confirm*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 create*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 edithtml*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 htdig*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 listinfo*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 mmsearch*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 options*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 private*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 rmlist*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 roster*
-rwxr-sr-x  1 root    mailman 27296 Jun 21 15:04 subscribe*

ls -la mail
total 36
drwxrwsr-x  2 root    mailman  4096 Jun 21 15:04 ./
drwxrwsr-x 13 mailman mailman  4096 Jun  7 07:07 ../
-rwxr-sr-x  1 root    mailman 28488 Jun 21 15:04 mailman*

See <https://wiki.list.org/x/4030645>, however, this is all probably OK
because check_perms would complain if it weren't.

Thus, this is almost certainly a SELinux issue. Try disabling SELinux.
If that solves the issue and you want to enable SELinux, you'll need to
review/update your SELinux Policy.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan