[Mailman-Users] IOError: [Errno 13] Permission denied on config.pck in Fedora 30

Robert Kudyba rkudyba at fordham.edu
Thu Jul 25 10:50:59 EDT 2019 

OK almost there. I can get into the admin however for each list, I am still
getting permission errors.

Here are the current perms:
ls -l /var/lib/mailman/lists/datastr
total 32
-rw-rw-rw- 1 mailman mailman 9250 Jul 23 14:15 config.pck
-rw-rw-rw- 1 mailman mailman 9250 Jul 23 09:00 config.pck.last
-rw-rw-rw- 1 mailman mailman  130 Mar 31  2016 pending.pck
-rw-rw-rw- 1 mailman mailman   20 Apr  1  2016 request.pck

ls -ld /var/lib/mailman/lists/datastr
drwxrwsr-x 2 mailman mailman 85 Jul 23 14:15 /var/lib/mailman/lists/datastr

ls -ld /var/lib/mailman/lists/
drwxrwsr-x 25 mailman mailman 4096 Feb 12 06:53 /var/lib/mailman/lists/

ls -ld /var/lib/mailman/
drwxrwsr-x 6 root mailman 59 Feb 12 06:53 /var/lib/mailman/

So the below tmp file cannot write into the directory.

Jul 25 10:45:29 2019 (10878) Failed config.pck write, retaining old state.
[Errno 13] Permission denied:
'/var/lib/mailman/lists/datastr/config.pck.tmp.ourdomain.edu.10878'
Jul 25 10:45:29 2019 admin(10878):
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(10878): [----- Mailman Version: 2.1.29 -----]
admin(10878): [----- Traceback ------]
admin(10878): Traceback (most recent call last):
admin(10878):   File "/usr/lib/mailman/scripts/driver", line 117, in
run_main
admin(10878):     main()
admin(10878):   File "/usr/lib/mailman/Mailman/Cgi/admin.py", line 250, in
main
admin(10878):     mlist.Save()
admin(10878):   File "/usr/lib/mailman/Mailman/MailList.py", line 613, in
Save
admin(10878):     self.__save(dict)
admin(10878):   File "/usr/lib/mailman/Mailman/MailList.py", line 568, in
__save
admin(10878):     fp = open(fname_tmp, 'w')
admin(10878): IOError: [Errno 13] Permission denied:
'/var/lib/mailman/lists/datastr/config.pck.tmp.ourdomain.edu.10878'
admin(10878): [----- Python Information -----]
admin(10878): sys.version     =   2.7.16 (default, Apr 30 2019, 15:54:43)
[GCC 9.0.1 20190312 (Red Hat 9.0.1-0.10)]
admin(10878): sys.executable  =   /usr/bin/python2
admin(10878): sys.prefix      =   /usr
admin(10878): sys.exec_prefix =   /usr
admin(10878): sys.path        =   ['/usr/lib/mailman/pythonlib',
'/usr/lib/mailman', '/usr/lib/mailman/scripts', '/usr/lib/mailman',
'/usr/lib/python27.zip', '/usr/lib64/python2.7',
'/usr/lib64/python2.7/plat-linux2', '/usr/lib64/python2.7/lib-tk',
'/usr/lib64/python2.7/lib-old', '/usr/lib64/python2.7/lib-dynload',
'/usr/lib/python2.7/site-packages', '/usr/lib/python2.7/dist-packages']
admin(10878): sys.platform    =   linux2
admin(10878): [----- Environment Variables -----]
admin(10878):   CONTENT_LENGTH: 38
admin(10878):   HTTPS: on
admin(10878):   HTTP_COOKIE:
admin(10878):   SERVER_NAME: ourdomain.edu
admin(10878):   SERVER_PROTOCOL: HTTP/1.1
admin(10878):   PYTHONPATH: /usr/lib/mailman
admin(10878):   REMOTE_ADDR: myip
admin(10878):   REQUEST_SCHEME: https
admin(10878):   SCRIPT_NAME: /mailman/admin
admin(10878):   REQUEST_METHOD: POST
admin(10878):   SERVER_PORT: 443
admin(10878):   HTTP_HOST: ourdomain.edu
admin(10878):   PATH_INFO: /datastr
admin(10878):   CONTENT_TYPE: application/x-www-form-urlencoded
admin(10878):   REMOTE_PORT: 53063
admin(10878):   QUERY_STRING:
admin(10878):   REQUEST_URI: /mailman/admin/datastr
admin(10878):   DOCUMENT_ROOT: /var/www/html

Isn't this similar to my other issue? I believe the user "apache" needs to
write that tmp file?

On Wed, Jul 24, 2019 at 5:29 PM Mark Sapiro <mark at msapiro.net> wrote:

> On 7/24/19 1:59 PM, Robert Kudyba wrote:
> > I’m getting some where here. First Apache httpd runs as user:apache:
>
>
> Right.
>
>
>
> > Now I see these files, and look at the owner:
> >  ls -lt /var/lib/mailman/lists/mailman/
> > total 184
> > -rw-rw---- 1 apache  mailman  4352 Jul 24 16:55 config.pck
> > -rw-rw---- 1 apache  mailman  4352 Jul 24 16:55 config.pck.last
> > -rw-rw---- 1 apache  mailman 22949 Jul 24 16:54 request.pck
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:51
> config.pck.tmp.dsm.dsm.fordham.edu.5850
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:47
> config.pck.tmp.dsm.dsm.fordham.edu.5342
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:46
> config.pck.tmp.dsm.dsm.fordham.edu.5002
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:38
> config.pck.tmp.dsm.dsm.fordham.edu.3609
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:34
> config.pck.tmp.dsm.dsm.fordham.edu.2986
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 16:32
> config.pck.tmp.dsm.dsm.fordham.edu.2727
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 13:41
> config.pck.tmp.dsm.dsm.fordham.edu.5113
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:58
> config.pck.tmp.dsm.dsm.fordham.edu.22328
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:40
> config.pck.tmp.dsm.dsm.fordham.edu.19790
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:29
> config.pck.tmp.dsm.dsm.fordham.edu.13505
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:25
> config.pck.tmp.dsm.dsm.fordham.edu.15335
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:23
> config.pck.tmp.dsm.dsm.fordham.edu.14826
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 11:23
> config.pck.tmp.dsm.dsm.fordham.edu.14771
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 10:03
> config.pck.tmp.dsm.dsm.fordham.edu.22176
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 10:01
> config.pck.tmp.dsm.dsm.fordham.edu.22179
> > -rw-rw-rw- 1 mailman mailman  3122 Jul 24 10:01 pending.pck
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 09:00
> config.pck.tmp.dsm.dsm.fordham.edu.6326
> > -rw-rw-rw- 1 mailman mailman  4350 Jul 24 09:00
> config.pck.tmp.dsm.dsm.fordham.edu.6329
> > -rw-rw-rw- 1 mailman mailman  2438 Jul 23 08:51 digest.mbox
> >
> > Whenever I am in the admin page the 1st 3 files get changed to
> user:apache.
>
>
> This is all as it should be.
>
> Note that all the config.pck.tmp.dsm.dsm.fordham.edu.pppp files are left
> from when the linking of config.pck to config.pck.last failed as
> described at
> <
> https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.python.org_pipermail_mailman-2Dusers_2019-2DJuly_084590.html&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=YN5-7P2QO-rJTSkNK0pyd-OoThRTFjU62JO756bVJo8&e=
> >.
> They can be removed.
>
> The owner of these files doesn't matter. It is the mailman group that
> matters. When apache saves a list, it is running as user:group
> apache:mailman. This is how the files get created. It is the mailman
> group and its permissions that allow this. When a qrunner saves a list
> it is running as mailman:mailman and the created files have that
> user:group. When a web CGI saves a list it is running as apache:mailman
> and the created files have that user:group.
>
> This is all expected and it is the group permissions that allow the
> operations.
>
>
> > Is there perhaps something in the .service file that I need to change?
> > cat /usr/lib/systemd/system/mailman.service
> > [Unit]
> > Description=GNU Mailing List Manager
> > After=syslog.target network.target
> >
> > [Service]
> > ExecStartPre=/usr/lib/mailman/bin/mailman-update-cfg
>
> Ask RedHat about this one.
>
>
> > ExecStartPre=/usr/bin/install -m644 -o mailman -g mailman
> /usr/lib/mailman/cron/crontab.in /etc/cron.d/mailman
>
> This is also a RedHat thing.
>
>
> > ExecStartPre=/bin/touch /var/log/mailman/error
> > ExecStartPre=/bin/chown mailman:mailman /var/log/mailman/error
> > ExecStartPre=/bin/chmod 666 /var/log/mailman/error
>
> The above should not be necessary at all.
>
> > ExecStart=/usr/lib/mailman/bin/mailmanctl -s start
> > ExecReload=/usr/lib/mailman/bin/mailmanctl restart
> > ExecStop=/usr/lib/mailman/bin/mailman-update-cfg
> > ExecStop=/usr/lib/mailman/bin/mailmanctl stop
> > ExecStop=/bin/sh -c 'echo -e "# DO NOT EDIT THIS FILE!\n#\n# Contents of
> this file managed by /etc/init.d/mailman\n# Master copy is
> /usr/lib/mailman/cron/crontab.in" > /etc/cron.d/mailman'
> > Type=forking
> >
> > [Install]
> > WantedBy=multi-user.target
> >
> > Does the user NEED to be the same as who Apache runs as?
>
>
> No. the group has to be mailman. the user is irrelevant.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.python.org_mailman_listinfo_mailman-2Dusers&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=1zwOlne7LsMUz3UiVKxB9NeBsI1pEV9eUuxQQ5L0_zY&e=
> Mailman FAQ:
> https://urldefense.proofpoint.com/v2/url?u=http-3A__wiki.list.org_x_AgA3&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=pZjNHSUfy8LUmXE8tsm1kwXiYl7XqqwkkRzzV4LQeJE&e=
> Security Policy:
> https://urldefense.proofpoint.com/v2/url?u=http-3A__wiki.list.org_x_QIA9&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=5kXYMZmAVrdvkYduBzBykS8wgAYbQpwmNbO1WIqdPak&e=
> Searchable Archives:
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.mail-2Darchive.com_mailman-2Dusers-2540python.org_&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=t1mMHU9K2bHneljt0LaxcPYD2UshKR8zxauH511Zn78&e=
> Unsubscribe:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.python.org_mailman_options_mailman-2Dusers_rkudyba-2540fordham.edu&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=xFUyyFlbQpESSDnVfWydAz2MwxF6-2c4QMEFV0UyhYo&e=
>

More information about the Mailman-Users mailing list