Chris Petrik wrote:
>
>Now when I try to go to the admin section of the webui for the mailing I
>get the bug page. Which is easily fixed by changing the owner from
>mailman to www.
>
>I tried adding mailman to group www but that doesn't seem to work.

It should work. See the FAQ at <http://wiki.list.org/x/tYA9> for more on this, but basically, Mailman's directories are group mailman and SETGID so that subordinate files are created with group mailman. Mailman's CGI wrappers and mail wrapper are group mailman and SETGID so they run with effective group mailman. Mailman's qrunners run as user:group mailman:mailman.

The whole thing is based on anything that is running in group mailman has write permission on all the mutable directories and their contents.

If your OS does not allow user:group www:mailman to do certain operations on files owned by mailman:mailman even though the mailman group has write permission and likewise for group mailman:mailman on files owned by www:mailman, you will not be able to avoid these issues.

Mailman is known to work on FreeBSD, so there must be something you can do to enable this.

In a followup Chris added:

>I recompiled mailman with the cgi_gid changed to mailman and the apache
>config to be changed as AssignUserID mailman mailman and now I don't get
>the bug page and all is well.

This is not a good idea. It means the web server now runs as mailman:mailman and can access anything in Mailman's tree without necessarily going through the authentication in the CGIs. There may not be any URLs that can do this, but consider http://www.example.com/pipermail/../../lists for example.

>I will continue to monitor the mailman
>services to see if any more perm issues arise before I create
>production mailing lists.
>
>I am not sure if this is the proper way to run mailman but it seems to
>work, since the web panel is always open to issues and bug reports which
>is awesome it is not that hard to explain to them the issue and have
>them fix it. Seems rather obvious mailman creates files as user mailman
>but editing the files in a web browser creates the files as the running
>user of the web server IE: www if I am not mistaken using the itk patch
>will allow the web server to create/edit files as the user set in the
>AssignUserID directive in apache.

I don't know how your web server works, but the owner = www or mailman shouldn't matter as everything should be based on group.

Possibly, the issue is the web server is not honoring the SETGID bit on the CGI wrappers.

--
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
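The group-based model described in the reply above can be checked directly on disk. The following is an added example, not part of the original message and not Mailman's own code: it reports entries in a mutable directory that are in the wrong group, lack group write permission, or (for directories) lack SETGID, and checks that a wrapper is in the group and SETGID. The function names and the command-line layout are assumptions made for this sketch; the group name and paths are supplied by the operator.

```python
import os
import stat
import sys


def check_entry(mode, gid, want_gid):
    """Problems for one file or directory in a mutable tree (st_mode, st_gid)."""
    problems = []
    if gid != want_gid:
        problems.append("wrong group")
    if not mode & stat.S_IWGRP:
        problems.append("not group-writable")
    # SETGID on a directory makes files created in it inherit its group.
    if stat.S_ISDIR(mode) and not mode & stat.S_ISGID:
        problems.append("directory not SETGID")
    return problems


def check_wrapper(mode, gid, want_gid):
    """A CGI or mail wrapper must be in the group and SETGID to run with it."""
    problems = []
    if gid != want_gid:
        problems.append("wrong group")
    if not mode & stat.S_ISGID:
        problems.append("wrapper not SETGID")
    return problems


def audit_tree(root, want_gid):
    """Walk root and return {path: [problems]} for every non-conforming entry."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about its target
            problems = check_entry(st.st_mode, st.st_gid, want_gid)
            if problems:
                findings[path] = problems
    return findings


if __name__ == "__main__":
    import grp  # Unix only
    # Hypothetical usage: audit.py <group> <mutable-dir> [wrapper ...]
    want = grp.getgrnam(sys.argv[1]).gr_gid
    for path, problems in sorted(audit_tree(sys.argv[2], want).items()):
        print(path, ", ".join(problems))
    for wrapper in sys.argv[3:]:
        st = os.stat(wrapper)
        for problem in check_wrapper(st.st_mode, st.st_gid, want):
            print(wrapper, problem)
```

A wrapper that passes this check can still run without the group if its filesystem is mounted nosuid, because the kernel then ignores the SETGID bit.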