Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Christian, Your suggestion fixed the problem ! Thank You. You have to set it to wwwrun:mailman, in order for the apache server to have write access to it too. It needs write access for creating lists via webinterface. This was changed by the last update of mailman via SLES 10 updates, therefore is a distro bug. Bob Perez >>> From: Mailman Admin To:Mark Sapiro CC:Bob Perez , Date: 6/25/2012 1:24 AM Subject: Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI Hello Bob Perez, Hello Mark Sapiro On 2012-06-24 15:36, Mark Sapiro wrote: > On 6/23/2012 12:33 PM, Bob Perez wrote: >> >> I see the error in the log with the list name I try to create ("list1", etc) >> admin(10317): OSError: [Errno 13] Permission denied: >> '/var/lib/mailman/archives/private/list1.mbox' >> >> So looks like a permission problem. I ran ./check_perms and then check_db - >> Did not help. > > What does "ls -ld /var/lib/mailman/archives/private" show? > > What does "ls -l /usr/lib/mailman/cgi-bin/create" (assuming that's the > correct path to the create wrapper) show? > >> I think if I do a chmod 755 -R /usr/lib/mailman/ , I may break something in >> mailman. Did not do this. > > Good. > >> I see that the user "mailman" in the "mailman group is the owner of the >> mailman files and directories, but after running the ./check_perms now >> "root" is the owner of the "mailman" group, however he is not a part of the >> group, so I made him a member - Same problem, even after restaring mailman >> with ./mailmanctl restart > > In general, the 'owner' of mailman's files doesn't matter. Everything is > controlled by group permissions. All the qrunners run as group > "mailman". The web CGI wrappers are supposed to be SETGID and group > "mailman" so they run with effective group "mailman". > I fell into that too. The problem is, that even after bin/fixurl is run, the archive directory /var/lib/mailman/archives/private/ has owner:group = mailman:mailman . You have to set it to wwwrun:mailman, in order for the apache server to have write access to it too. It needs write access for creating lists via webinterface. This was changed by the last update of mailman via SLES 10 updates, therefore is a distro bug. Kind regards, Christian Mack -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Mark, What does "ls -ld /var/lib/mailman/archives/private" show? Answer: "drwxr-x--- 6 root mailman 160 June 22 13:50 /var/lib/mailman/archives/private" What does "ls -l /usr/lib/mailman/cgi-bin/create" (assuming that's the correct path to the create wrapper) show? Answer: I have no directory called "create" in the /var/lib/mailman/ directory structure Thanks, Bob Perez >>> From: Mark Sapiro To:Bob Perez CC: Date: 6/24/2012 7:37 AM Subject: Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI On 6/23/2012 12:33 PM, Bob Perez wrote: > > I see the error in the log with the list name I try to create ("list1", etc) > admin(10317): OSError: [Errno 13] Permission denied: > '/var/lib/mailman/archives/private/list1.mbox' > > So looks like a permission problem. I ran ./check_perms and then check_db - > Did not help. What does "ls -ld /var/lib/mailman/archives/private" show? What does "ls -l /usr/lib/mailman/cgi-bin/create" (assuming that's the correct path to the create wrapper) show? > I think if I do a chmod 755 -R /usr/lib/mailman/ , I may break something in > mailman. Did not do this. Good. > I see that the user "mailman" in the "mailman group is the owner of the > mailman files and directories, but after running the ./check_perms now "root" > is the owner of the "mailman" group, however he is not a part of the group, > so I made him a member - Same problem, even after restaring mailman with > ./mailmanctl restart In general, the 'owner' of mailman's files doesn't matter. Everything is controlled by group permissions. All the qrunners run as group "mailman". The web CGI wrappers are supposed to be SETGID and group "mailman" so they run with effective group "mailman". -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Stephen J. Turnbull writes: > > > The httpd doesn't need access to the archives; the mailman CGI does. > > > So the CGI wrapper should be setgid mailman. Is it? > > > > > > > Yes it is. > > Is /var/lib/mailman/archives/private/ group-writable? If not, I'm > stumped; it should be possible for the CGIs to write to it then. That should say "if *it is*, then I'm stumped. If not, we need to figure out why not, IME check_perms -f fixes that. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Mailman Admin writes: > On 2012-06-25 09:37, Stephen J. Turnbull wrote: > > Mailman Admin writes: > > > > > The problem is, that even after bin/fixurl is run, the archive directory > > > /var/lib/mailman/archives/private/ has owner:group = mailman:mailman . > > > You have to set it to wwwrun:mailman, in order for the apache server to > > > have write access to it too. > > > > The httpd doesn't need access to the archives; the mailman CGI does. > > So the CGI wrapper should be setgid mailman. Is it? > > > > Yes it is. Is /var/lib/mailman/archives/private/ group-writable? If not, I'm stumped; it should be possible for the CGIs to write to it then. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Hello Stephen J. Turnbull On 2012-06-25 09:37, Stephen J. Turnbull wrote: > Mailman Admin writes: > > > The problem is, that even after bin/fixurl is run, the archive directory > > /var/lib/mailman/archives/private/ has owner:group = mailman:mailman . > > You have to set it to wwwrun:mailman, in order for the apache server to > > have write access to it too. > > The httpd doesn't need access to the archives; the mailman CGI does. > So the CGI wrapper should be setgid mailman. Is it? > Yes it is. ls -ld /usr/lib/mailman/cgi-bin/ drwxr-sr-x 2 root mailman 4096 Jun 14 08:37 /usr/lib/mailman/cgi-bin/ ls -l /usr/lib/mailman/cgi-bin/ total 144 -rwxr-sr-x 1 root mailman 10832 May 18 19:18 admin -rwxr-sr-x 1 root mailman 10840 May 18 19:18 admindb -rwxr-sr-x 1 root mailman 10840 May 18 19:18 confirm -rwxr-sr-x 1 root mailman 10840 May 18 19:18 create -rwxr-sr-x 1 root mailman 10840 May 18 19:18 editarch -rwxr-sr-x 1 root mailman 10840 May 18 19:18 edithtml -rwxr-sr-x 1 root mailman 10840 May 18 19:18 listinfo -rwxr-sr-x 1 root mailman 10840 May 18 19:18 options -rwxr-sr-x 1 root mailman 10840 May 18 19:18 private -rwxr-sr-x 1 root mailman 10840 May 18 19:18 rmlist -rwxr-sr-x 1 root mailman 10840 May 18 19:18 roster -rwxr-sr-x 1 root mailman 10840 May 18 19:18 subscribe > > This was changed by the last update of mailman via SLES 10 updates, > > therefore is a distro bug. > > +1 to that, though. > Kind regards, Christian Mack -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Mailman Admin writes: > The problem is, that even after bin/fixurl is run, the archive directory > /var/lib/mailman/archives/private/ has owner:group = mailman:mailman . > You have to set it to wwwrun:mailman, in order for the apache server to > have write access to it too. The httpd doesn't need access to the archives; the mailman CGI does. So the CGI wrapper should be setgid mailman. Is it? > This was changed by the last update of mailman via SLES 10 updates, > therefore is a distro bug. +1 to that, though. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
Hello Bob Perez, Hello Mark Sapiro On 2012-06-24 15:36, Mark Sapiro wrote: > On 6/23/2012 12:33 PM, Bob Perez wrote: >> >> I see the error in the log with the list name I try to create ("list1", etc) >> admin(10317): OSError: [Errno 13] Permission denied: >> '/var/lib/mailman/archives/private/list1.mbox' >> >> So looks like a permission problem. I ran ./check_perms and then check_db - >> Did not help. > > What does "ls -ld /var/lib/mailman/archives/private" show? > > What does "ls -l /usr/lib/mailman/cgi-bin/create" (assuming that's the > correct path to the create wrapper) show? > >> I think if I do a chmod 755 -R /usr/lib/mailman/ , I may break something in >> mailman. Did not do this. > > Good. > >> I see that the user "mailman" in the "mailman group is the owner of the >> mailman files and directories, but after running the ./check_perms now >> "root" is the owner of the "mailman" group, however he is not a part of the >> group, so I made him a member - Same problem, even after restaring mailman >> with ./mailmanctl restart > > In general, the 'owner' of mailman's files doesn't matter. Everything is > controlled by group permissions. All the qrunners run as group > "mailman". The web CGI wrappers are supposed to be SETGID and group > "mailman" so they run with effective group "mailman". > I fell into that too. The problem is, that even after bin/fixurl is run, the archive directory /var/lib/mailman/archives/private/ has owner:group = mailman:mailman . You have to set it to wwwrun:mailman, in order for the apache server to have write access to it too. It needs write access for creating lists via webinterface. This was changed by the last update of mailman via SLES 10 updates, therefore is a distro bug. Kind regards, Christian Mack -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
On 6/23/2012 12:33 PM, Bob Perez wrote: > > I see the error in the log with the list name I try to create ("list1", etc) > admin(10317): OSError: [Errno 13] Permission denied: > '/var/lib/mailman/archives/private/list1.mbox' > > So looks like a permission problem. I ran ./check_perms and then check_db - > Did not help. What does "ls -ld /var/lib/mailman/archives/private" show? What does "ls -l /usr/lib/mailman/cgi-bin/create" (assuming that's the correct path to the create wrapper) show? > I think if I do a chmod 755 -R /usr/lib/mailman/ , I may break something in > mailman. Did not do this. Good. > I see that the user "mailman" in the "mailman group is the owner of the > mailman files and directories, but after running the ./check_perms now "root" > is the owner of the "mailman" group, however he is not a part of the group, > so I made him a member - Same problem, even after restaring mailman with > ./mailmanctl restart In general, the 'owner' of mailman's files doesn't matter. Everything is controlled by group permissions. All the qrunners run as group "mailman". The web CGI wrappers are supposed to be SETGID and group "mailman" so they run with effective group "mailman". -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Error on attempt to create a List in Mailman 2.1.7-15.12.1 from Mailman Web admin UI
To All, When I and a customer of mine attempt to create a List in Mailman under SLES10 in the Mailman Web admin UI, we get the below error. I have look at Google and mailman-users list archives and cannot find a solution yet. NOTE: If I go to /usr/lib/mailman/bin/ and execute the command ./newlist IT WORKS FINE , but not under the web console. I have Sendmail working with Mailman. Postfix is not an option. NOTE: the below info, under the Error is the Mailman error log : /var/lib/mailmain/logs/error log during the attempt to create any list from the Mailman Webpage I see the error in the log with the list name I try to create ("list1", etc) admin(10317): OSError: [Errno 13] Permission denied: '/var/lib/mailman/archives/private/list1.mbox' So looks like a permission problem. I ran ./check_perms and then check_db - Did not help. I think if I do a chmod 755 -R /usr/lib/mailman/ , I may break something in mailman. Did not do this. I see that the user "mailman" in the "mailman group is the owner of the mailman files and directories, but after running the ./check_perms now "root" is the owner of the "mailman" group, however he is not a part of the group, so I made him a member - Same problem, even after restaring mailman with ./mailmanctl restart I noticed that /var/lib/mailman/archives/private was owned by the "mailman" owner, so I did a chown -R for the owner "root" that is a member of the "mailman" group, still same error. Thanks for your assistance,Bob Perez (bpe...@novell.com) > ERROR <<< Bug in Mailman version 2.1.7 We're sorry, we hit a bug! Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs. < End Error >>> >> Mailman Error log called "error" Jun 22 12:54:38 2012 admin(10317): admin(10317): [- Mailman Version: 2.1.7 -] admin(10317): [- Traceback --] admin(10317): Traceback (most recent call last): admin(10317): File "/usr/lib/mailman/scripts/driver", line 101, in run_main admin(10317):main() admin(10317): File "/usr/lib/mailman/Mailman/Cgi/create.py", line 56, in main admin(10317):process_request(doc, cgidata) admin(10317): File "/usr/lib/mailman/Mailman/Cgi/create.py", line 190, in process_request admin(10317):mlist.Create(listname, owner, pw, langs, emailhost) admin(10317): File "/usr/lib/mailman/Mailman/MailList.py", line 491, in Create admin(10317):self.InitVars(name, admin, crypted_password) admin(10317): File "/usr/lib/mailman/Mailman/MailList.py", line 402, in InitVars admin(10317):baseclass.InitVars(self) admin(10317): File "/usr/lib/mailman/Mailman/Archiver/Archiver.py", line 96, in InitVars admin(10317):os.mkdir(self.archive_dir()+'.mbox', 02775) admin(10317): OSError: [Errno 13] Permission denied: '/var/lib/mailman/archives/private/list1.mbox' admin(10317): [- Python Information -] admin(10317): sys.version= 2.4.2 (#1, May 6 2011, 13:26:21) [GCC 4.1.2 20070115 (SUSE Linux)] admin(10317): sys.executable = /usr/bin/python admin(10317): sys.prefix = /usr admin(10317): sys.exec_prefix = /usr admin(10317): sys.path = /usr admin(10317): sys.platform= linux2 admin(10317): [- Environment Variables -] admin(10317): HTTP_COOKIE: mailman+admin=28020069f4bce44f7328006264346138623165646437633961613863633962646339636332373238613939396030316633; ZNPCQ003-38343200=cec434a7 admin(10317): SERVER_SOFTWARE: Apache/2.2.3 (Linux/SUSE) admin(10317): SCRIPT_NAME: /mailman/create admin(10317): SERVER_SIGNATURE: Apache/2.2.3 (Linux/SUSE) Server at bperez12.lab.novell.com Port 80 admin(10317): admin(10317): REQUEST_METHOD: POST admin(10317): SERVER_PROTOCOL: HTTP/1.1 admin(10317): QUERY_STRING: admin(10317): CONTENT_LENGTH: 150 admin(10317): HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1 admin(10317): HTTP_CONNECTION: keep-alive admin(10317): HTTP_REFERER: http://bperez12.lab.novell.com/mailman/create admin(10317): SERVER_NAME: bperez12.lab.novell.com admin(10317): REMOTE_ADDR: 151.155.215.15 admin(10317): SERVER_PORT: 80 admin(10317): SERVER_ADDR: 151.155.215.12 admin(10317): DOCUMENT_ROOT: /srv/www/htdocs admin(10317): PYTHONPATH: /usr/lib/mailman admin(10317): SCRIPT_FILENAME: /usr/lib/mailman/cgi-bin/create admin(10317): SERVER_ADMIN: [no address given] admin(10317): HTTP_HOST: bperez12.lab.novell.com admin(10317): REQUEST_URI: /mailman/create admin(10317): HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 admin(10317): GATEWAY_INTERFACE: CGI/1.1 admin(10317): REMOTE_PORT: 5161