Re: [Mailman-Users] config.pck get changed back from correct values...

Mark Sapiro Thu, 29 Jan 2009 08:20:58 -0800

john espiro wrote:
>
>so...
>1.) How do I tell if the CGI wrappers are SETID?



bin/check_perms should check this, but the following

[m...@sbh16 ~]$ ls -l ~mailman/cgi-bin/
total 208
-rwxr-sr-x 1 root mailman 15989 Jan 11 11:16 admin
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 admindb
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 confirm
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 create
-rwxr-sr-x 1 root mailman 15997 Jan 11 11:16 edithtml
-rwxr-sr-x 1 root mailman 15989 Jan 11 11:16 htdig
-rwxr-sr-x 1 root mailman 15997 Jan 11 11:16 listinfo
-rwxr-sr-x 1 root mailman 15997 Jan 11 11:16 mmsearch
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 options
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 private
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 rmlist
-rwxr-sr-x 1 root mailman 15993 Jan 11 11:16 roster
-rwxr-sr-x 1 root mailman 15997 Jan 11 11:16 subscribe
[m...@sbh16 ~]$

shows the SETGID bit as the 's' in -rwxr-sr-x


>To get everything to work properly, the files need to be set as 
>webadmin:mailman.


Which should not be necessary. owner shouldn't matter. Only group
matters in a properly configured Mailman installation.


>or, how do I tell #2 (webserver/OS not honoring SETGID)?


If the files in cgi-bin have permissions as above, and the
subdirectories of lists/ have group and permissions like

[m...@sbh16 ~]$ ls -l lists/
total 28
drwxrwsr-x 3 root   mailman 4096 Jan 29 03:30 century-announce
drwxrwsr-x 2 root   mailman 4096 Jan 29 03:30 gpc-century
drwxrwsr-x 2 root   mailman 4096 Jan 29 03:30 gpc-talk
drwxrwsr-x 2 root   mailman 4096 Jan 29 03:30 gpc-test
drwxrwsr-x 2 apache mailman 4096 Jan 29 03:30 gpc-website
drwxrwsr-x 2 root   mailman 4096 Jan 29 08:00 mailman
drwxrwsr-x 2 root   mailman 4096 Jan 29 03:30 wed_ride
[m...@sbh16 ~]$


then the web interface should work.


>I am running APache, if that helps.


Are you running Apache with suEXEC? If so, you will probably have
issues because the suEXEC security strategy is in conflict with
Mailman's security strategy.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] config.pck get changed back from correct values...

Reply via email to