[Mailman-Users] Re: Mailman 2.1.15 doesn't allow admin changes on private lists

2023-07-06 Thread Charles Buckley
I have access to practically nothing, neither config.pck nor mm_cfg.py, but was 
able to wait out the problem as reported earlier.

In hindsight, I think this problem was more to do with the fact that I run 
three lists on this server, two of which have the same list admin password, one 
of which doesn't.  If the developer team were thinking too pointy-headedly 
while developing it, and stored a hash of the password as a cookie value, and 
it didn't match, but they didn't incorporate the list name into the cookie 
name, then that might lead to an issue such as the one I experienced.   

I'm just glad to have this task out of the way, and without having to wait for 
a people's paradise bureaucratic synaptic gap to be jumped.  Thankfully, the 
patience for people's paradises is coming to an end.

Ch.

-Original Message-
From: Stephen J. Turnbull  
Sent: Thursday, 6 July 2023 19:13
To: Richard Damon 
Cc: mailman-users@python.org
Subject: [Mailman-Users] Re: Mailman 2.1.15 doesn't allow admin changes on 
private lists

Anyway, it would be easy to check if Charles has access to mm_cfg.py.
(I don't think there's anything in config.pck that affects the URL
scheme.)

Steve
--
Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an 
email to mailman-users-le...@python.org 
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: 
http://wiki.list.org/x/QIA9 Searchable Archives: 
https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
Member address: c...@buckley.ch



[Mailman-Users] Re: Mailman 2.1.15 doesn't allow admin changes on private lists

2023-07-05 Thread Charles Buckley
This is really useful information.  Thanks very much!

Unfortunately I don't have shell access to my virtual server, or even access to 
files outside of those for my webserver.   I can't find the config.pck file 
anywhere.  

I used to run complete servers of various flavors, but the amount of that sort 
of work I do these days is not enough to merit their upkeep.  I packed up most 
of my servers and stored them elsewhere.

So in order to do what you suggest, assuming I could get at the pickle file, 
I'd have to set up a virtual machine with Apache and mailman installed on my 
PC, and then do the manipulation there.   I can do all that, but it seems like 
a lot of work.

I see that there are online Pickle file editing tools (though the most likely 
candidate I found is offline at the moment).  Were I to be able to access the 
.pck file, would it not suffice to download it, upload it into the file editing 
tool, make the change, save the file, and then swap the .pck file on the server 
with the edited one?  Or does config_list do something else?

Maybe I could get my host provider to do that edit for me . . . . or at least 
swap the file for me.  

Actually, the problem that led me to report this issue resolved itself after a 
fashion.   

When I first encountered the problem, I waited a day and tried the privacy flag 
hack described previously.  Then that stopped working, so I reported the error.

Meanwhile I left the web server alone for a day, and then went to it this 
morning to try again.  I turned off the privacy flag, deleted the footer, and 
reenabled the privacy flag without any problems.   So there is likely some 
rogue cookie that gets set that expires after a day.   

In any case, now I can wait patiently for the glacial wheels of bureaucracy to 
grind, and still get done what I need to do.

I'm happy to do testing to help reproduce the problem, of course.  Thanks for 
all your assistance.

Ch.

-Original Message-
From: Mark Sapiro  
Sent: Thursday, 6 July 2023 05:27
To: mailman-users@python.org
Subject: [Mailman-Users] Re: Mailman 2.1.15 doesn't allow admin changes on 
private lists

On 7/5/23 7:51 PM, Charles Buckley wrote:
> 
> Heck, if I knew where the footer data was stored, I'd be happy to go in and 
> edit the file by hand, the web page be damned.  I just want to get this 
> delivered and out of the way.  Watch it probably be in some DB for which 
> there was never any compelling need.

The data are in a Python pickle in Mailman's lists//config.pck. If 
you have access to that, you should also have access to Mailman's 
bin/config_list, and creating a file containing only

msg_footer = ''

and running something like

bin/config_list -i /path/to/that/file listname

will do it.

-- 
Mark Sapiro                          The highway is for gamblers,
San Francisco Bay Area, California   better use your sense - B. Dylan



[Mailman-Users] Re: Mailman 2.1.15 doesn't allow admin changes on private lists

2023-07-05 Thread Charles Buckley
It is disturbing that they don't keep up, but they're in Austria (or maybe 
Switzerland).  People are conservative there, because they have elaborate 
acceptance criteria.  

I once had a customer go live with a national regulated server running on a 
beta version of Java Server Pages, and leave that up for years, just because 
they didn't want to go through the upgrade process.

I've suggested that my provider read this list -- maybe something good will 
come out of it.

Ch.

-Original Message-
From: Carl Zwanzig  
Sent: Wednesday, 5 July 2023 23:01
To: mailman-users@python.org
Subject: [Mailman-Users] Re: Mailman 2.1.15 doesn't allow admin changes on 
private lists

On 7/5/2023 12:54 PM, Charles Buckley wrote:
> My server is one of those shared servers, to which I do not have shell 
> access. Mailman would have to be reinstalled by the sysadmins -- I 
> can't do it. I have involved them, but they're still coming up to 
> speed.

That in itself is a trifle worrying-- a provider that hasn't been keeping their 
software even reasonably up-to-date.

2.1.39 was released 13-Dec-2021
2.1.16 was released 16-Oct-2013
(so 2.1.15 was before that, so call it ten years old)

IMNSHO, there's no excuse for being that far out of date.

Later,

z!


[Mailman-Users] Re: Mailman 2.1.15 doesn't allow admin changes on private lists

2023-07-05 Thread Charles Buckley
Answers I can provide that usefully add value are listed below:

I actually precisely wrote what I did.  I started reverse engineering how to 
solve the problem, using my other two preexisting lists.  One was already 
'public' (meaning browsable).  Since I could delete the footer on that one 
without changing to browsable, I tried eliminating the footer on the other 
non-browsable list by changing it to browsable.  That worked, but I couldn't do 
the same magic on the non-browsable list I wanted to change, apparently because 
of the same bug.  

The fact that all three browsers installed on my PC demonstrate the same 
misbehaviour suggests it is indeed NOT a browser issue.

You asked about how mailman is installed.   This is a shared server running 
Plesk.  I have the right to install my own applications that are available as 
installable packages.  Once these are installed, I get nagged *frequently* 
about upgrading these packages I install to the most recent version.  But 
mailman is part of the base package, so I never get invited to update that one. 
 I have suggested to the service provider that they do this, but so far they're 
just thinking about it.  They asked for access to the list so they could see 
the behavior themselves.   

To pick up on what Carl Zwanzig wrote and synthesize it with what you wrote, 
the bug is probably in the code implementing the actions of the 'Submit my 
changes' button.   I suppose that would be the next place to look, but I 
thought that, since this problem had been around so long, someone would know a 
workaround that would save me an extended session of webpage archaeology.   

Heck, if I knew where the footer data was stored, I'd be happy to go in and 
edit the file by hand, the web page be damned.  I just want to get this 
delivered and out of the way.  Watch it probably be in some DB for which there 
was never any compelling need.

Ch. 

-Original Message-
From: Mark Sapiro  
Sent: Wednesday, 5 July 2023 22:39
To: mailman-users@python.org
Subject: [Mailman-Users] Re: Mailman 2.1.15 doesn't allow admin changes on 
private lists

On 7/5/23 1:27 AM, Charles Buckley wrote:
> 
> I experimented with this a bit, and found that I could eliminate the footer 
> on my public (browsable) list on the same server. So I tried converting my 
> other private (non-browsable) list to be browsable, at which point I could 
> eliminate the footer, and then switch the list back to being non-browsable.


You said in a reply that on this list you actually needed to set the list 
`public` before you could successfully change msg_footer.


> But once I tried to implement the workaround on the non-browsable list I 
> wanted to change, I got the same defective behaviour when trying to switch 
> the list to be browsable -- I would get redirected to the admin login page 
> for the list in question, log in successfully, only to come back and find 
> myself on the same privacy page, with no changes having been made.


This is quite strange. The behavior you observe is a result of your login 
cookie being lost. I could conjecture that there's something in the 
browser that's not saving the cookie when this list's name is in the 
URL, but the fact that you can make some changes to the other list 
including switching it from private to public but can change msg_footer 
only when it's public belies that.


> I have also posted this as a bug via the Mailman launchpad.  This behaviour 
> appears to be browser-independent; I have tried it on Firefox, Chrome, and 
> Edge.

More confirmation that it's not a browser issue. I have added a comment 
to your bug report to see this thread.

Do you know how Mailman is installed on the server? Is it from source or 
a third party package? I can't see anything in the admin UI code that 
would effectively log you out upon submission of an update form, but 
this is what's happening. Either your login cookie is being removed or 
for some reason, not being saved.

Normally, I would suspect the issues in the FAQ at 
<https://wiki.list.org/x/4030614>, but those normally affect all changes 
to all lists, so that may not be relevant here.

-- 
Mark Sapiro                          The highway is for gamblers,
San Francisco Bay Area, California   better use your sense - B. Dylan


[Mailman-Users] Re: Mailman 2.1.15 doesn't allow admin changes on private lists

2023-07-05 Thread Charles Buckley
Hello,

Thanks for answering.   

If the first private list I could successfully change by making it non-private 
also behaved as the 'recalcitrant list' before I did so, then I would suggest 
that it's a mailman issue. 

My server is one of those shared servers, to which I do not have shell access.  
 Mailman would have to be reinstalled by the sysadmins -- I can't do it.   I 
have involved them, but they're still coming up to speed.  The only errors I 
can find in the error_log files are errors not related to mailman.  There is no 
python exception.

I attach a copy of the message I sent to the original poster of the error in 
2000.  The message hasn't yet bounced, but neither have I received an answer.

You must admit, the descriptions are pretty similar, but the trick with making 
the list non-private wasn't yet discovered.

Ch.



-Original Message-
From: Stephen J. Turnbull  
Sent: Wednesday, 5 July 2023 21:12
To: Charles Buckley 
Cc: mailman-users@python.org
Subject: [Mailman-Users] Mailman 2.1.15 doesn't allow admin changes on private 
lists

Charles Buckley writes:

 > I experimented with this a bit, and found that I could eliminate the
 > footer on my public (browsable) list on the same server. So I tried
 > converting my other private (non-browsable) list to be browsable, at
 > which point I could eliminate the footer, and then switch the list back
 > to being non-browsable.
 >
 > But once I tried to implement the workaround on the non-browsable list I
 > wanted to change, I got the same defective behaviour when trying to
 > switch the list to be browsable

Did you test on the second private list *without* changing the "private" flag?  
If not, my guess is that the private flag is a red herring, and that there is 
some other issue with the recalcitrant list that causes you to get bounced back 
to the login page.

Please check the Mailman and webserver logs to see if there is evidence of 
errors there.  With luck there will be a Python traceback from an exception.  
If you're using Apache as the webserver, tracebacks are usually in the 
error.log, and there may be a 5xx status in the access.log (I bet not though 
since you get served the login page rather than a Server Error page, and that 
makes me somewhat pessimistic about finding a traceback in error.log).

 > I saw a report of this behaviour on this mailing list from the year 2000.

If you have an URL for this post, or a timestamp, or even a precise date, it 
might be helpful.  I can't find it.

 > It is still going on now in 2023. One would think that some information
 > on how to workaround this bug would have been found between now and back
 > then.

I rather doubt it's the same bug (but it's worth comparing).  Mailman
2.0 was in beta in 2000, and pretty much anything from mail composed by badly 
written Japanese MUAs to mail composed by the even less conformant Windows 2000 
Outlook betas could crash it.  Mailman 2.1 was released in 2006 with a *lot* of 
attention to input validation and exception handling, although more on the 
email side than the web UI side.

 > Note that, when I am able to successfully change a setting, I am never
 > sent back to the list admin login page.

That's expected.  My guess is that some content, probably an invisible control 
character in a text field in the form (I've seen ^T mentioned more than once, 
don't ask me why), is causing the form parser to raise an exception, which 
who-knows-why gets caught by the not-logged-in handler.  (My guesses are close 
to correct about 20% of the time.
Good enough to look there first, but don't bet your car. ;-)

I think all the browsers you mention have developer modes or plugins.
Mailman pages don't have horribly complicated DOMs, so if you want to go 
through either the DOM or the page source for the form and see if you can spot 
some weird character in one of the fields (likely, but not certainly, the 
footer you're trying to change), you might have some luck.  Also, "_" 
(underscore) may be a "weird character" -- Mailman 3's list importer complains 
about footers that contain it.
(Who knows why, I don't think it's weird, but Mailman 3 does kvetch.)

Regards,
Steve
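
Added example (not part of the thread and not Mailman code): a small Python check for the invisible control characters, such as ^T, that Steve suggests looking for in a form field like the footer. The sample footer text is constructed, and the function names are hypothetical.

```python
import unicodedata

# Whitespace controls that legitimately appear in a multi-line text field.
ALLOWED = {"\t", "\n", "\r"}
# Unicode categories that render as nothing: Cc (control), Cf (format).
INVISIBLE = ("Cc", "Cf")


def caret(ch):
    """Caret notation for C0 controls and DEL (0x14 -> '^T'), else U+XXXX."""
    cp = ord(ch)
    if cp < 0x20:
        return "^" + chr(cp + 0x40)
    if cp == 0x7F:
        return "^?"
    return "U+%04X" % cp


def find_invisible(text):
    """Return (line, column, label, category) for each invisible character.

    Lines and columns are 1-based so they can be matched against the
    page source shown in a browser's developer tools.
    """
    hits = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in ALLOWED:
                continue
            cat = unicodedata.category(ch)
            if cat in INVISIBLE:
                hits.append((lineno, col, caret(ch), cat))
    return hits


def strip_invisible(text):
    """Return text with every flagged character removed."""
    return "".join(
        ch for ch in text
        if ch in ALLOWED or unicodedata.category(ch) not in INVISIBLE
    )


# Constructed sample: a footer-like template with a ^T (0x14) and a
# zero-width space (U+200B) pasted in by accident.
SAMPLE_FOOTER = (
    "_______________________________________________\n"
    "%(real_name)s mailing list\x14\n"
    "%(real_name)s@%(host_name)s\u200b\n"
)

if __name__ == "__main__":
    for lineno, col, label, cat in find_invisible(SAMPLE_FOOTER):
        print("line %d, column %d: %s (%s)" % (lineno, col, label, cat))
```

Paste the field's text from the page source into `SAMPLE_FOOTER` to check a real form value; an empty result means no control or format characters are present.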

--- Begin Message ---
Hello Mr. Barton,

 

2

[Mailman-Users] Mailman 2.1.15 doesn't allow admin changes on private lists

2023-07-05 Thread Charles Buckley
I run three Mailman lists on my web server, one browsable and two 
non-browsable. I wanted to eliminate the footer that gets added to the bottom 
of messages distributed by one of the private (non-browsable) lists.

When I tried to do this, I would browse to the admin non-digest page, delete 
the contents of the Footer field, and hit "Submit my changes". This would send 
me to a login for admin privileges of the list in question. I would log back 
in, only to find myself on the page I had just modified, but the modification I 
made did not take place.

I experimented with this a bit, and found that I could eliminate the footer on 
my public (browsable) list on the same server. So I tried converting my other 
private (non-browsable) list to be browsable, at which point I could eliminate 
the footer, and then switch the list back to being non-browsable.

But once I tried to implement the workaround on the non-browsable list I wanted 
to change, I got the same defective behaviour when trying to switch the list to 
be browsable -- I would get redirected to the admin login page for the list in 
question, log in successfully, only to come back and find myself on the same 
privacy page, with no changes having been made.

I saw a report of this behaviour on this mailing list from the year 2000. It is 
still going on now in 2023. One would think that some information on how to 
workaround this bug would have been found between now and back then.

Note that, when I am able to successfully change a setting, I am never sent 
back to the list admin login page.

I have also posted this as a bug via the Mailman launchpad.  This behaviour 
appears to be browser-independent; I have tried it on Firefox, Chrome, and 
Edge.  

 

Any advice would be appreciated.

 

Charles Buckley

 
