Michael Grant wrote: > >I have mailman more or less working with apache and suexec, though I >suspect I may have problems here. Suexec does not like group write or >setgid on the cgi files nor the cgi-bin dir, so I turned that off. I >can get to the admin and create pages.
As you're finding out, Mailman and SuExec don't work too well together. There is a FAQ at <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq06.017.htp> which you may have seen. >On permissions, I'm running the mailman web page as user=mailman and >group=mailman using this suexec line in the virtual host: > SuexecUserGroup mailman mailman >which should do away with needing to setgid the cgi files. That';s effectively what you need to do. You can use a different user:group, but whatever user:group you use needs read/write access to Mailman, so mailman:mailman is the easiest. >Mailman itself (the qrunner) is running as userid=mailman and >groupid=mailman as well. The doc says that this is not good because >it gives access to my private archives (if I ever have any private >archives). I'm not sure quite what to do about this. I think you misunderstand. Normally, mailmanctl must run as the user:group configured for Mailman or as root in which case, it will switch to Mailman's user:group anyway. Thus you are doing what needs to be done. The problem with access to private archives comes about if the web server runs as Mailman's user:group, which is what you have to do with SuExec because you can't SETGID. This in turn means that the web server has permission to access private archives without going through the private CGI. Thus, if it is possible to target Mailman's archives/private directory directly via some URL, it is not possible to block access. >On the sendmail side, I have smrsh configured and when I send mail to >my test mailman list, I see in the maillog the message going to >mailman and I get a message back from mailman telling me I can't post >to my list because I'm not on it. So it is at least getting into the >mailman program. That seems correct. >I created my initial 'mailman' list using bin/newlist mailman without errors. >However and here is where my problems seem to start, when I go to >listinfo web page, I don't see any lists at all. I don't see how to >add myself to that list. Two things control whether or not a list appears on the overview pages. The list's own 'advertised' attribute, and if VIRTUAL_HOST_OVERVIEW is Yes (the default), whether the host name in the list's hidden web_page_url attribute matches the accessing host. See <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.017.htp> and <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.062.htp>. >When I try to create a list from the web interface and I get the >following error: >Error: You are not authorized to create new mailing lists > >I've tried both the site password and the list creator's password, same. There have been other reports of this and I've never seen a good answer. The "You are not authorized to create new mailing lists" error occurs only if the provided "List creator's (authentication) password:" doesn't match either the site password or the list creator password. Other validation tests on the list name, the owner and the list password if any are applied before this, so presumably the form data are getting to the create CGI, but the only explanation I can come up with is that either the passwords aren't what you think they are (try resetting them with bin/mmsitepass), the password isn't being correctly transmitted by the web browse/web server, or the web server isn't accessing the same mailman installation as the command line utilities are accessing. >There is nothing in logs/error. > >The first step seems to be to be able to add myself to the 'mailman' >list on my server. By the way, is this list necessary? If I have >multiple vhosts, what is this list for? I don't really want mailman >messages coming from [EMAIL PROTECTED], I want it coming from >[EMAIL PROTECTED], for each vhost. This list is the source of monthly password reminders and certain bounce notifications that could otherwise cause bounce loops if a list owner's address bounces. It is required in Mailman 2.1.x, but it is going away in Mailman 2.2. Note that the password reminders are sent separately per vhost and do come from [EMAIL PROTECTED], but since there is only one name space for list names (also going away in 2.2), all the [EMAIL PROTECTED] lists are really the same list. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp