[Mailman-Users] IOError: [Errno 13] Permission denied on config.pck in Fedora 30

Mark Sapiro mark at msapiro.net
Wed Jul 24 17:27:14 EDT 2019 

On 7/24/19 1:59 PM, Robert Kudyba wrote:
> I’m getting some where here. First Apache httpd runs as user:apache:


Right.



> Now I see these files, and look at the owner:
>  ls -lt /var/lib/mailman/lists/mailman/
> total 184
> -rw-rw---- 1 apache  mailman  4352 Jul 24 16:55 config.pck
> -rw-rw---- 1 apache  mailman  4352 Jul 24 16:55 config.pck.last
> -rw-rw---- 1 apache  mailman 22949 Jul 24 16:54 request.pck
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:51 config.pck.tmp.dsm.dsm.fordham.edu.5850
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:47 config.pck.tmp.dsm.dsm.fordham.edu.5342
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:46 config.pck.tmp.dsm.dsm.fordham.edu.5002
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:38 config.pck.tmp.dsm.dsm.fordham.edu.3609
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:34 config.pck.tmp.dsm.dsm.fordham.edu.2986
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:32 config.pck.tmp.dsm.dsm.fordham.edu.2727
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 13:41 config.pck.tmp.dsm.dsm.fordham.edu.5113
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:58 config.pck.tmp.dsm.dsm.fordham.edu.22328
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:40 config.pck.tmp.dsm.dsm.fordham.edu.19790
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:29 config.pck.tmp.dsm.dsm.fordham.edu.13505
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:25 config.pck.tmp.dsm.dsm.fordham.edu.15335
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:23 config.pck.tmp.dsm.dsm.fordham.edu.14826
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:23 config.pck.tmp.dsm.dsm.fordham.edu.14771
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 10:03 config.pck.tmp.dsm.dsm.fordham.edu.22176
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 10:01 config.pck.tmp.dsm.dsm.fordham.edu.22179
> -rw-rw-rw- 1 mailman mailman  3122 Jul 24 10:01 pending.pck
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 09:00 config.pck.tmp.dsm.dsm.fordham.edu.6326
> -rw-rw-rw- 1 mailman mailman  4350 Jul 24 09:00 config.pck.tmp.dsm.dsm.fordham.edu.6329
> -rw-rw-rw- 1 mailman mailman  2438 Jul 23 08:51 digest.mbox
> 
> Whenever I am in the admin page the 1st 3 files get changed to user:apache.


This is all as it should be.

Note that all the config.pck.tmp.dsm.dsm.fordham.edu.pppp files are left
from when the linking of config.pck to config.pck.last failed as
described at
<https://mail.python.org/pipermail/mailman-users/2019-July/084590.html>.
They can be removed.

The owner of these files doesn't matter. It is the mailman group that
matters. When apache saves a list, it is running as user:group
apache:mailman. This is how the files get created. It is the mailman
group and its permissions that allow this. When a qrunner saves a list
it is running as mailman:mailman and the created files have that
user:group. When a web CGI saves a list it is running as apache:mailman
and the created files have that user:group.

This is all expected and it is the group permissions that allow the
operations.


> Is there perhaps something in the .service file that I need to change?
> cat /usr/lib/systemd/system/mailman.service
> [Unit]
> Description=GNU Mailing List Manager
> After=syslog.target network.target
> 
> [Service]
> ExecStartPre=/usr/lib/mailman/bin/mailman-update-cfg

Ask RedHat about this one.


> ExecStartPre=/usr/bin/install -m644 -o mailman -g mailman /usr/lib/mailman/cron/crontab.in /etc/cron.d/mailman

This is also a RedHat thing.


> ExecStartPre=/bin/touch /var/log/mailman/error
> ExecStartPre=/bin/chown mailman:mailman /var/log/mailman/error
> ExecStartPre=/bin/chmod 666 /var/log/mailman/error

The above should not be necessary at all.

> ExecStart=/usr/lib/mailman/bin/mailmanctl -s start
> ExecReload=/usr/lib/mailman/bin/mailmanctl restart
> ExecStop=/usr/lib/mailman/bin/mailman-update-cfg
> ExecStop=/usr/lib/mailman/bin/mailmanctl stop
> ExecStop=/bin/sh -c 'echo -e "# DO NOT EDIT THIS FILE!\n#\n# Contents of this file managed by /etc/init.d/mailman\n# Master copy is /usr/lib/mailman/cron/crontab.in" > /etc/cron.d/mailman'
> Type=forking
> 
> [Install]
> WantedBy=multi-user.target
> 
> Does the user NEED to be the same as who Apache runs as?


No. the group has to be mailman. the user is irrelevant.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list