Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Hello Bob Perez, Hello Mark Sapiro

On 2012-06-24 15:36, Mark Sapiro wrote:

On 6/23/2012 12:33 PM, Bob Perez wrote:

I see the error in the log with the list name I try to create (list1, etc)

admin(10317): OSError: [Errno 13] Permission denied: '/var/lib/mailman/archives/private/list1.mbox'

So looks like a permission problem. I ran ./check_perms and then check_db - Did not help.

What does ls -ld /var/lib/mailman/archives/private show?

What does ls -l /usr/lib/mailman/cgi-bin/create (assuming that's the correct path to the create wrapper) show?

I think if I do a chmod 755 -R /usr/lib/mailman/ , I may break something in mailman. Did not do this.

Good.

I see that the user mailman in the mailman group is the owner of the mailman files and directories, but after running the ./check_perms now root is the owner of the mailman group, however he is not a part of the group, so I made him a member - Same problem, even after restarting mailman with ./mailmanctl restart

In general, the 'owner' of mailman's files doesn't matter. Everything is controlled by group permissions. All the qrunners run as group mailman. The web CGI wrappers are supposed to be SETGID and group mailman so they run with effective group mailman.

I fell into that too. The problem is, that even after bin/fixurl is run, the archive directory /var/lib/mailman/archives/private/ has owner:group = mailman:mailman . You have to set it to wwwrun:mailman, in order for the apache server to have write access to it too. It needs write access for creating lists via webinterface.

This was changed by the last update of mailman via SLES 10 updates, therefore is a distro bug.

Kind regards,
Christian Mack

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Mailman Admin writes:

The problem is, that even after bin/fixurl is run, the archive directory /var/lib/mailman/archives/private/ has owner:group = mailman:mailman . You have to set it to wwwrun:mailman, in order for the apache server to have write access to it too.

The httpd doesn't need access to the archives; the mailman CGI does. So the CGI wrapper should be setgid mailman. Is it?

This was changed by the last update of mailman via SLES 10 updates, therefore is a distro bug.

+1 to that, though.
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Hello Stephen J. Turnbull

On 2012-06-25 09:37, Stephen J. Turnbull wrote:

Mailman Admin writes:

The problem is, that even after bin/fixurl is run, the archive directory /var/lib/mailman/archives/private/ has owner:group = mailman:mailman . You have to set it to wwwrun:mailman, in order for the apache server to have write access to it too.

The httpd doesn't need access to the archives; the mailman CGI does. So the CGI wrapper should be setgid mailman. Is it?

Yes it is.

ls -ld /usr/lib/mailman/cgi-bin/
drwxr-sr-x 2 root mailman 4096 Jun 14 08:37 /usr/lib/mailman/cgi-bin/

ls -l /usr/lib/mailman/cgi-bin/
total 144
-rwxr-sr-x 1 root mailman 10832 May 18 19:18 admin
-rwxr-sr-x 1 root mailman 10840 May 18 19:18 admindb
-rwxr-sr-x 1 root mailman 10840 May 18 19:18 confirm
-rwxr-sr-x 1 root mailman 10840 May 18 19:18 create
-rwxr-sr-x 1 root mailman 10840 May 18 19:18 editarch
-rwxr-sr-x 1 root mailman 10840 May 18 19:18 edithtml
-rwxr-sr-x 1 root mailman 10840 May 18 19:18 listinfo
-rwxr-sr-x 1 root mailman 10840 May 18 19:18 options
-rwxr-sr-x 1 root mailman 10840 May 18 19:18 private
-rwxr-sr-x 1 root mailman 10840 May 18 19:18 rmlist
-rwxr-sr-x 1 root mailman 10840 May 18 19:18 roster
-rwxr-sr-x 1 root mailman 10840 May 18 19:18 subscribe

This was changed by the last update of mailman via SLES 10 updates, therefore is a distro bug.

+1 to that, though.

Kind regards,
Christian Mack
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Mailman Admin writes:

On 2012-06-25 09:37, Stephen J. Turnbull wrote:

Mailman Admin writes:

The problem is, that even after bin/fixurl is run, the archive directory /var/lib/mailman/archives/private/ has owner:group = mailman:mailman . You have to set it to wwwrun:mailman, in order for the apache server to have write access to it too.

The httpd doesn't need access to the archives; the mailman CGI does. So the CGI wrapper should be setgid mailman. Is it?

Yes it is.

Is /var/lib/mailman/archives/private/ group-writable? If not, I'm stumped; it should be possible for the CGIs to write to it then.
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Stephen J. Turnbull writes:

The httpd doesn't need access to the archives; the mailman CGI does. So the CGI wrapper should be setgid mailman. Is it?

Yes it is.

Is /var/lib/mailman/archives/private/ group-writable? If not, I'm stumped; it should be possible for the CGIs to write to it then.

That should say if *it is*, then I'm stumped. If not, we need to figure out why not, IME check_perms -f fixes that.
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Mailman Admin wrote:

The problem is, that even after bin/fixurl is run, the archive directory /var/lib/mailman/archives/private/ has owner:group = mailman:mailman . You have to set it to wwwrun:mailman, in order for the apache server to have write access to it too. It needs write access for creating lists via webinterface.

I think Stephen has covered this well, but in case there is any remaining confusion, here's a summary.

In order for web access to public archives to work, the web server, running as the web server user:group, must be able to search the archives/private directory. For other reasons (next paragraph), this directory must be group 'mailman' so in order for public archive access to work, the archives/private directory must be o+x or owned by the web server user.

This has nothing to do with the create or other CGIs working because the CGI wrappers should all be group mailman and SETGID so they run with effective group mailman and that group should have sufficient access to do what the CGIs need to do.

In this case, if the create CGI wrapper is group mailman and SETGID and the mailman group has rwx (actually rws for other reasons) access on archives/private, and the create gets the permission denied error, the SETGID must not be effective, perhaps because it's on a file system that doesn't allow it, but in that case, all the CGIs should have permission issues.

--
Mark Sapiro m...@msapiro.net             The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Mark,

What does ls -ld /var/lib/mailman/archives/private show?

Answer:
drwxr-x--- 6 root mailman 160 June 22 13:50 /var/lib/mailman/archives/private

What does ls -l /usr/lib/mailman/cgi-bin/create (assuming that's the correct path to the create wrapper) show?

Answer: I have no directory called create in the /var/lib/mailman/ directory structure

Thanks,
Bob Perez

From: Mark Sapiro m...@msapiro.net
To: Bob Perez bpe...@novell.com
CC: mailman-users@python.org
Date: 6/24/2012 7:37 AM
Subject: Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI

On 6/23/2012 12:33 PM, Bob Perez wrote:

I see the error in the log with the list name I try to create (list1, etc)

admin(10317): OSError: [Errno 13] Permission denied: '/var/lib/mailman/archives/private/list1.mbox'

So looks like a permission problem. I ran ./check_perms and then check_db - Did not help.

What does ls -ld /var/lib/mailman/archives/private show?

What does ls -l /usr/lib/mailman/cgi-bin/create (assuming that's the correct path to the create wrapper) show?

I think if I do a chmod 755 -R /usr/lib/mailman/ , I may break something in mailman. Did not do this.

Good.

I see that the user mailman in the mailman group is the owner of the mailman files and directories, but after running the ./check_perms now root is the owner of the mailman group, however he is not a part of the group, so I made him a member - Same problem, even after restarting mailman with ./mailmanctl restart

In general, the 'owner' of mailman's files doesn't matter. Everything is controlled by group permissions. All the qrunners run as group mailman. The web CGI wrappers are supposed to be SETGID and group mailman so they run with effective group mailman.

--
Mark Sapiro m...@msapiro.net             The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Christian,

Your suggestion fixed the problem! Thank You.

You have to set it to wwwrun:mailman, in order for the apache server to have write access to it too. It needs write access for creating lists via webinterface. This was changed by the last update of mailman via SLES 10 updates, therefore is a distro bug.

Bob Perez

From: Mailman Admin mailman-ad...@uni-konstanz.de
To: Mark Sapiro m...@msapiro.net
CC: Bob Perez bpe...@novell.com, mailman-users@python.org
Date: 6/25/2012 1:24 AM
Subject: Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI

Hello Bob Perez, Hello Mark Sapiro

On 2012-06-24 15:36, Mark Sapiro wrote:

On 6/23/2012 12:33 PM, Bob Perez wrote:

I see the error in the log with the list name I try to create (list1, etc)

admin(10317): OSError: [Errno 13] Permission denied: '/var/lib/mailman/archives/private/list1.mbox'

So looks like a permission problem. I ran ./check_perms and then check_db - Did not help.

What does ls -ld /var/lib/mailman/archives/private show?

What does ls -l /usr/lib/mailman/cgi-bin/create (assuming that's the correct path to the create wrapper) show?

I think if I do a chmod 755 -R /usr/lib/mailman/ , I may break something in mailman. Did not do this.

Good.

I see that the user mailman in the mailman group is the owner of the mailman files and directories, but after running the ./check_perms now root is the owner of the mailman group, however he is not a part of the group, so I made him a member - Same problem, even after restarting mailman with ./mailmanctl restart

In general, the 'owner' of mailman's files doesn't matter. Everything is controlled by group permissions. All the qrunners run as group mailman. The web CGI wrappers are supposed to be SETGID and group mailman so they run with effective group mailman.

I fell into that too. The problem is, that even after bin/fixurl is run, the archive directory /var/lib/mailman/archives/private/ has owner:group = mailman:mailman . You have to set it to wwwrun:mailman, in order for the apache server to have write access to it too. It needs write access for creating lists via webinterface.

This was changed by the last update of mailman via SLES 10 updates, therefore is a distro bug.

Kind regards,
Christian Mack
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Bob Perez wrote

What does ls -ld /var/lib/mailman/archives/private show?

Answer:
drwxr-x--- 6 root mailman 160 June 22 13:50 /var/lib/mailman/archives/private

    chmod 2771 /var/lib/mailman/archives/private

should fix the problem. The mailman group needs write access to this directory and it should be SETGID so new subordinates are created with group mailman.

If multiple users have access to the file system on this server and you are concerned that they might be able to see private list archives, then do

    chmod 2770 /var/lib/mailman/archives/private
    chown xxx:mailman /var/lib/mailman/archives/private

where xxx is the user that the web server runs as.

What does ls -l /usr/lib/mailman/cgi-bin/create (assuming that's the correct path to the create wrapper) show?

Answer: I have no directory called create in the /var/lib/mailman/directory structure

How about /usr/lib/mailman/cgi-bin/create?

--
Mark Sapiro m...@msapiro.net             The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
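The permission rules stated in Mark Sapiro's summary and in his chmod 2771 / 2770 advice above can be checked mechanically. The following is an added example, not part of the original posts and not Mailman's own code; the function names and the gid/uid numbers (67, 30) are constructed for illustration.

```python
import os
import stat

def check_archive_dir(mode, uid, gid, mailman_gid, web_uid=None):
    """Return findings for archives/private; an empty list means it passes."""
    findings = []
    if gid != mailman_gid:
        findings.append("group is not mailman")
    if (mode & stat.S_IRWXG) != stat.S_IRWXG:
        findings.append("group lacks rwx: setgid CGIs cannot create list archives")
    if not (mode & stat.S_ISGID):
        findings.append("setgid missing: new entries will not inherit group mailman")
    # Public archive access: the web server must be able to search the
    # directory, either through o+x (2771) or by owning it (2770 variant).
    web_owner = web_uid is not None and uid == web_uid and bool(mode & stat.S_IXUSR)
    if not (mode & stat.S_IXOTH or web_owner):
        findings.append("web server cannot search directory: need o+x or web server owner")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("others can list or modify private archives")
    return findings

def check_cgi_wrapper(mode, gid, mailman_gid, nosuid_mount=False):
    """Return findings for one CGI wrapper such as cgi-bin/create."""
    findings = []
    if gid != mailman_gid:
        findings.append("group is not mailman")
    if not (mode & stat.S_ISGID):
        findings.append("setgid missing: wrapper will not run with effective group mailman")
    if nosuid_mount:
        findings.append("file system is mounted nosuid: the setgid bit is ignored")
    return findings

def audit(archive_dir, wrapper, mailman_gid, web_uid=None):
    """Stat the real paths and apply both checks; returns {path: findings}."""
    d = os.stat(archive_dir)
    w = os.stat(wrapper)
    nosuid = bool(os.statvfs(wrapper).f_flag & os.ST_NOSUID)
    return {
        archive_dir: check_archive_dir(stat.S_IMODE(d.st_mode), d.st_uid,
                                       d.st_gid, mailman_gid, web_uid),
        wrapper: check_cgi_wrapper(stat.S_IMODE(w.st_mode), w.st_gid,
                                   mailman_gid, nosuid),
    }

if __name__ == "__main__":
    MAILMAN_GID = 67  # constructed value; look up the real gid on the host
    # Mode from the ls output in the thread: drwxr-x--- root:mailman
    for finding in check_archive_dir(0o750, 0, MAILMAN_GID):
        print("archives/private:", finding)
    # Mode of the wrappers in the thread: -rwxr-sr-x root:mailman
    print("create wrapper:", check_cgi_wrapper(0o2755, MAILMAN_GID, MAILMAN_GID) or "ok")
```

Call `audit()` with the host's real paths and the mailman gid to run both checks against the live file system, including the nosuid mount case.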
[Mailman-Users] Uncaught runner exception, No such file or directory for files in bounces directory
Hi,

today we successfully upgraded our installation from 2.1.14 to 2.1.15. Thanks for that!

I have to admit that Mailman generally works so flawlessly that I usually don't look at its logs. Because of the update, today I did. And I noticed a pattern that I don't understand. It's not new, but I only noticed it today. I've searched the list archives, but didn't find anything appropriate. Every day, we get several of these entries in the error log:

2.1.14:

Jun 25 08:00:17 2012 (12651) Skipping and preserving unparseable message: 1340604017.5663309+f03cd934fd9f24fb5ee97e641a2bf0611a43df85
Jun 25 08:00:17 2012 (12651) Uncaught runner exception: [Errno 2] No such file or directory: '/var/spool/mailman/bounces/1340604017.5663309+f03cd934fd9f24fb5ee97e641a2bf0611a43df85.pck'
Jun 25 08:00:17 2012 (12651) Traceback (most recent call last):
  File /usr/lib/mailman/Mailman/Queue/Runner.py, line 100, in _oneloop
    msg, msgdata = self._switchboard.dequeue(filebase)
  File /usr/lib/mailman/Mailman/Queue/Switchboard.py, line 154, in dequeue
    fp = open(filename)
IOError: [Errno 2] No such file or directory: '/var/spool/mailman/bounces/1340604017.5663309+f03cd934fd9f24fb5ee97e641a2bf0611a43df85.pck'
Jun 25 08:00:17 2012 (12651) Skipping and preserving unparseable message: 1340604017.5663309+f03cd934fd9f24fb5ee97e641a2bf0611a43df85

2.1.15:

Jun 25 14:57:40 2012 (17936) Uncaught runner exception: [Errno 2] No such file or directory: '/var/spool/mailman/bounces/1340629059.7912431+ac4d5683bef1c9339cfd32283c3ae1a9b814cecb.pck'
Jun 25 14:57:40 2012 (17936) Traceback (most recent call last):
  File /usr/lib/mailman/Mailman/Queue/Runner.py, line 99, in _oneloop
    msg, msgdata = self._switchboard.dequeue(filebase)
  File /usr/lib/mailman/Mailman/Queue/Switchboard.py, line 154, in dequeue
    fp = open(filename)
IOError: [Errno 2] No such file or directory: '/var/spool/mailman/bounces/1340629059.7912431+ac4d5683bef1c9339cfd32283c3ae1a9b814cecb.pck'
Jun 25 14:57:40 2012 (17936) Skipping and preserving unparseable message: 1340629059.7912431+ac4d5683bef1c9339cfd32283c3ae1a9b814cecb

The messages are preserved in the bad directory, which is culled regularly using cull_bad_shunt. When I look at them with dumpdb -p, I see bounces. I understand that the usual reason for that is an unparseable message, as the logging indicates, but in this case it's apparently a failed open command.

Is that a race condition, a purely cosmetic issue, or something that should be fixed?

Thanks,
Sebastian

--
Sebastian Hagedorn - Listmaster - RZKR-R1 (Gebäude 52), Zimmer 18
Regionales Rechenzentrum (RRZK)
Universität zu Köln / Cologne University - Tel. +49-221-478-5587
Re: [Mailman-Users] Uncaught runner exception, No such file or directory for files in bounces directory
Sebastian Hagedorn wrote:

Every day, we get several of these entries in the error log:

2.1.14:

Jun 25 08:00:17 2012 (12651) Skipping and preserving unparseable message: 1340604017.5663309+f03cd934fd9f24fb5ee97e641a2bf0611a43df85
Jun 25 08:00:17 2012 (12651) Uncaught runner exception: [Errno 2] No such file or directory: '/var/spool/mailman/bounces/1340604017.5663309+f03cd934fd9f24fb5ee97e641a2bf0611a43df85.pck'
Jun 25 08:00:17 2012 (12651) Traceback (most recent call last):
  File /usr/lib/mailman/Mailman/Queue/Runner.py, line 100, in _oneloop
    msg, msgdata = self._switchboard.dequeue(filebase)
  File /usr/lib/mailman/Mailman/Queue/Switchboard.py, line 154, in dequeue
    fp = open(filename)
IOError: [Errno 2] No such file or directory: '/var/spool/mailman/bounces/1340604017.5663309+f03cd934fd9f24fb5ee97e641a2bf0611a43df85.pck'
Jun 25 08:00:17 2012 (12651) Skipping and preserving unparseable message: 1340604017.5663309+f03cd934fd9f24fb5ee97e641a2bf0611a43df85

See the FAQ at http://wiki.list.org/x/_4A9.

--
Mark Sapiro m...@msapiro.net             The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
Re: [Mailman-Users] Uncaught runner exception, No such file or directory for files in bounces directory
--On 25 June 2012 08:22:32 -0700 Mark Sapiro m...@msapiro.net wrote:

See the FAQ at http://wiki.list.org/x/_4A9.

Oops ... sorry. There was in fact a very old BounceRunner that had somehow survived a restart of Mailman.

Thanks,
Sebastian

--
.:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-478-5587.:.
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Mark Sapiro writes:

What does ls -l /usr/lib/mailman/cgi-bin/create (assuming that's the correct path to the create wrapper) show?

Answer: I have no directory called create in the /var/lib/mailman/directory structure

As Mark points out, it's /usr/..., not /var/

Many installations link the /usr/lib/mailman directories into the /var/lib/mailman tree for convenience, but not all do.

How about /usr/lib/mailman/cgi-bin/create?

I suspect on many distros it's more likely to be /usr/lib/cgi-bin/mailman/create (note inversion of cgi-bin and mailman in the path). I would guess that the rationale is security eggs in one basket. For the webserver admin There's One Obvious Place To Look For It, which is important if they're not the same person as the mailman admin.