[Mailman-Users] command listinfo not in docroot (10005)

2015-11-28 Thread Dave Arndt 
After installing mailman (with yum), I get an error when attempting to
access the listinfo page:

"Internal Server Error"


Inspecting the logs in httpd, I see this in suexec-log:

command listinfo not in docroot (10005)

I do NOT have the option of disabling suexec.

After considerable time spent looking into this, it seems that I need to
have mailman installed under "DocumentRoot", which on my host appears to be
/var/www/html

Further reading indicates that i cannot use the "installroot" option on yum
to change the installation root directory, UNLESS I've created my own
custom RPM.  That rules that out.

So now, I'm resorting to 100% manual installation...

My questions are:

1) Am I taking the right approach in solving this problem?  That is, by
installing under docroot, will it address the Apache suexec problem we're
seeing?

2) If docroot is /var/www/html, do i create the mailman directory
*directly* beneath the /var/www.html folder?  i.e. - /var/www.html/mailman
(that just doesn't seem right...?)

Is there some other way to solve this problem?  (Very difficult package to
get installed and running, unless your a huge linux/mailman guru, I
guess...)

Thanks,

- da
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] command listinfo not in docroot (10005)

2015-11-28 Thread Dave Arndt 
PS: The symlink does indeed point to the correct mailman cgi folder:

/usr/lib/mailman/cgi-bin

/var/www.html/mailman-cgi-bin

Both of these folders have:

admin admindb confim create edithtml listinfo options private rmlist roster
subscribe



On Sat, Nov 28, 2015 at 12:35 PM, Dave Arndt  wrote:

> More info on this:
>
> I added a symlink under "DocumentRoot" (which is specified as
> /var/www/html on my system), so the link is  "/var/www/html/
> *mailman-cgi-bin*" , and added a ScriptAlias in httpd.conf to point there:
>
> ScriptAlias /*mailman*/ "/var/www/html/*mailman-cgi-bin*/"
>
> After adding the alias, I restarted apache: "apachectl restart"
>
> Still no luck.
>
> When I attempt to access the ~/*mailman*/listinfo page, I still get the
> "InternalAccessError" and this line in suexec_log:
>
> "command listinfo not in docroot (10005)"
>
> What could I being doing wrong here?
>
>
>
>
>
>
>
> On Sat, Nov 28, 2015 at 11:30 AM, Dave Arndt  wrote:
>
>> After installing mailman (with yum), I get an error when attempting to
>> access the listinfo page:
>>
>> "Internal Server Error"
>>
>>
>> Inspecting the logs in httpd, I see this in suexec-log:
>>
>> command listinfo not in docroot (10005)
>>
>> I do NOT have the option of disabling suexec.
>>
>> After considerable time spent looking into this, it seems that I need to
>> have mailman installed under "DocumentRoot", which on my host appears to be
>> /var/www/html
>>
>> Further reading indicates that i cannot use the "installroot" option on
>> yum to change the installation root directory, UNLESS I've created my own
>> custom RPM.  That rules that out.
>>
>> So now, I'm resorting to 100% manual installation...
>>
>> My questions are:
>>
>> 1) Am I taking the right approach in solving this problem?  That is, by
>> installing under docroot, will it address the Apache suexec problem we're
>> seeing?
>>
>> 2) If docroot is /var/www/html, do i create the mailman directory
>> *directly* beneath the /var/www.html folder?  i.e. - /var/www.html/mailman
>> (that just doesn't seem right...?)
>>
>> Is there some other way to solve this problem?  (Very difficult package
>> to get installed and running, unless your a huge linux/mailman guru, I
>> guess...)
>>
>> Thanks,
>>
>> - da
>>
>>
>>
>>
>
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] command listinfo not in docroot (10005)

2015-11-28 Thread Dave Arndt 
On Sat, Nov 28, 2015 at 12:43 PM, Laura Creighton  wrote:

> selinux


Running "getenforce" returns "Disabled"
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] command listinfo not in docroot (10005)

2015-11-28 Thread Dave Arndt 
More info on this:

I added a symlink under "DocumentRoot" (which is specified as /var/www/html
on my system), so the link is  "/var/www/html/*mailman-cgi-bin*" , and
added a ScriptAlias in httpd.conf to point there:

ScriptAlias /*mailman*/ "/var/www/html/*mailman-cgi-bin*/"

After adding the alias, I restarted apache: "apachectl restart"

Still no luck.

When I attempt to access the ~/*mailman*/listinfo page, I still get the
"InternalAccessError" and this line in suexec_log:

"command listinfo not in docroot (10005)"

What could I being doing wrong here?







On Sat, Nov 28, 2015 at 11:30 AM, Dave Arndt  wrote:

> After installing mailman (with yum), I get an error when attempting to
> access the listinfo page:
>
> "Internal Server Error"
>
>
> Inspecting the logs in httpd, I see this in suexec-log:
>
> command listinfo not in docroot (10005)
>
> I do NOT have the option of disabling suexec.
>
> After considerable time spent looking into this, it seems that I need to
> have mailman installed under "DocumentRoot", which on my host appears to be
> /var/www/html
>
> Further reading indicates that i cannot use the "installroot" option on
> yum to change the installation root directory, UNLESS I've created my own
> custom RPM.  That rules that out.
>
> So now, I'm resorting to 100% manual installation...
>
> My questions are:
>
> 1) Am I taking the right approach in solving this problem?  That is, by
> installing under docroot, will it address the Apache suexec problem we're
> seeing?
>
> 2) If docroot is /var/www/html, do i create the mailman directory
> *directly* beneath the /var/www.html folder?  i.e. - /var/www.html/mailman
> (that just doesn't seem right...?)
>
> Is there some other way to solve this problem?  (Very difficult package to
> get installed and running, unless your a huge linux/mailman guru, I
> guess...)
>
> Thanks,
>
> - da
>
>
>
>
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] command listinfo not in docroot (10005)

2015-11-28 Thread Laura Creighton 
Do you have selinux installed?  It can cause a gazillion problems.

Laura
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] command listinfo not in docroot (10005)

2015-11-28 Thread Laura Creighton 
In a message of Sat, 28 Nov 2015 12:48:52 -0500, Dave Arndt writes:
>On Sat, Nov 28, 2015 at 12:43 PM, Laura Creighton  wrote:
>
>> selinux

That eliminates a lot of hell.  Good.  I wish I could be of more help,
but that much I do know.

Laura
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] command listinfo not in docroot (10005)

2015-11-28 Thread Mark Sapiro 
On 11/28/2015 08:30 AM, Dave Arndt wrote:
> 
> My questions are:
> 
> 1) Am I taking the right approach in solving this problem?  That is, by
> installing under docroot, will it address the Apache suexec problem we're
> seeing?


Maybe. See 


> 2) If docroot is /var/www/html, do i create the mailman directory
> *directly* beneath the /var/www.html folder?  i.e. - /var/www.html/mailman
> (that just doesn't seem right...?)


The above FAQ seems to indicate that /var/www/html/mailman is correct.

Also, have you looked at all 20 steps under "suEXEC Security Model" at
?

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] command listinfo not in docroot (10005)

2015-11-28 Thread Stephen J. Turnbull 
Mark Sapiro writes:
 > On 11/28/2015 08:30 AM, Dave Arndt wrote:

 > > My questions are:
 > > 
 > > 1) Am I taking the right approach in solving this problem?  That is, by
 > > installing under docroot, will it address the Apache suexec problem we're
 > > seeing?

Which docroot?  suEXEC has its own docroot configured, which may be
different from Apache's (or maybe not, the docs are unclear on this).

 > Maybe. See 
 > 
 > 
 > > 2) If docroot is /var/www/html, do i create the mailman directory
 > > *directly* beneath the /var/www.html folder?  i.e. -
 > > /var/www.html/mailman (that just doesn't seem right...?)

As you say, that just doesn't feel right; usual security models say
keep your executables out of the document tree.  Whoever configured
your suEXEC may have felt the same way.  Also, according to the docs
referenced below, --suexec-docroot defaults to $(DATADIR)/htdocs.  I
suspect your $(DATADIR) is indeed /var/www, and you evidently have the
"root" for Apache itself set to /var/www/html, but if that value was
defaulted for suEXEC, suEXEC may think --suexec-docroot=/var/www/htdocs.

You may also be running into one of the other restrictions, such as
uidmin or gidmin.  Eg, on my Debian system Mailman's uid = gid = 38,
but in suEXEC's default, uidmin = gidmin = 100, so I'd lose.  (In that
case suEXEC's error log is confusing, but that kind of thing happens.)

 > Also, have you looked at all 20 steps under "suEXEC Security Model" at
 > ?

You're right, suEXEC is very difficult software to work with.  You
can't blame that on Mailman, though, and if you got suEXEC from your
distro, you should file a bug with them (probably on the Mailman
package).  If it's locally built by your Information Thuggery
department, they should get the "glory".

BTW, I disagree with Mark's wording on "different security models".  I
would say that the two security models are the same, except for who
keeps the keys to the bus.  Apache expects that suEXEC will be
driving, while Mailman is designed as the designated driver.  (Cue
"Three Stooges" schtick with Larry, Curly, and Moe all trying to get
into the driver's seat simultaneously.)
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org