Re: [Mailman-Users] can't call command line functions from php
Mark Sapiro wrote: Anne Ramey wrote: I have my php script running as a user in the mailman group, but when I try to do: //add user to Admin email list $command = /usr/local/mailman/bin/add_members -r .$Filename. admins; system($command, $status); I get a status of 1 returned to me and it doesn't add the users. and: My safe_mode is Off. There are no errors in my http log and none output to the screen. I can run other commands with system and shell_exec...just not any mailman commands. Are you sure you're executing the command as the mailman group? Try chmod g+s /usr/local/mailman/bin/add_members and see if that helps. If it does, the problem is with the group executing the command. That did not help. Does anyone have any other ideas? If it were all system commands, that would be one thing, but it appears to be just mailman. Anne -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] can't call command line functions from php
Mark Sapiro wrote: Anne Ramey wrote: I have my php script running as a user in the mailman group, but when I try to do: //add user to Admin email list $command = /usr/local/mailman/bin/add_members -r .$Filename. admins; system($command, $status); I get a status of 1 returned to me and it doesn't add the users. and: My safe_mode is Off. There are no errors in my http log and none output to the screen. I can run other commands with system and shell_exec...just not any mailman commands. Are you sure you're executing the command as the mailman group? Try chmod g+s /usr/local/mailman/bin/add_members and see if that helps. If it does, the problem is with the group executing the command. You don't want to leave add_members as SETGID if non Mailman admins have shell access to your box as SETGID will allow anyone to successfully run the command. That didn't help. I have found an error: IOError: [Errno 13] Permission denied: '/usr/local/mailman/lists/mailman/config.pck' it was in my main apache log, not the log for the virtual server I am running the command off of. What I get permission denied to depends on what command I'm trying to run. Sometimes it's a lock file. If it's a group thing, I don't understand why--my perl scripts can run these commands fine, but my php cannot. They both run from the same web server, so they'll both be running as the same user. Anne -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] can't call command line functions from php
Mark Sapiro wrote: Anne Ramey wrote: I have my php script running as a user in the mailman group, but when I try to do: //add user to Admin email list $command = /usr/local/mailman/bin/add_members -r .$Filename. admins; system($command, $status); I get a status of 1 returned to me and it doesn't add the users. and: My safe_mode is Off. There are no errors in my http log and none output to the screen. I can run other commands with system and shell_exec...just not any mailman commands. Are you sure you're executing the command as the mailman group? Try chmod g+s /usr/local/mailman/bin/add_members and see if that helps. If it does, the problem is with the group executing the command. You don't want to leave add_members as SETGID if non Mailman admins have shell access to your box as SETGID will allow anyone to successfully run the command. Sorry for the multitude of emails, but I'm hammering on this and keep finding out new tidbits. The scripts only work as mailman and root on this machine...it is the live server (this is the test) that can successfully run from the perl scripts. So my issue is different than I thought. My check_perms gives me No problems found. I have added a couple of users to the mailman group, I've tried the chmod g+s for all the scripts. All to no effect. I'm beginning to wonder if it may be a systems issue--something wrong with the way it's handling group permissions. Anne -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] can't call command line functions from php
couple of users to the mailman group, I've tried the chmod g+s for all the scripts. All to no effect. I'm beginning to wonder if it may be a systems issue--something wrong with the way it's handling group permissions. Scripts can't be run under setuid/setgid on *nix systems. You may have to change the user's primary group as mailman or use newgrp command on solaris. -- Tokio Kikuchi, [EMAIL PROTECTED] http://weather.is.kochi-u.ac.jp/ -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] can't call command line functions from php
I have my php script running as a user in the mailman group, but when I try to do: //add user to Admin email list $command = /usr/local/mailman/bin/add_members -r .$Filename. admins; system($command, $status); I get a status of 1 returned to me and it doesn't add the users. I've tried: shell_exec($command); as well but it didn't work either. I can successfully call these functions from my old perl scripts, so I don't think it's a permissions issue. I think I must be missing something in the php. This may be a little out of the scope of this list, but any help would be appreciated. -- Anne -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] can't call command line functions from php
Anne Ramey wrote: I have my php script running as a user in the mailman group, but when I try to do: //add user to Admin email list $command = /usr/local/mailman/bin/add_members -r .$Filename. admins; system($command, $status); I get a status of 1 returned to me and it doesn't add the users. I've tried: shell_exec($command); as well but it didn't work either. I can successfully call these functions from my old perl scripts, so I don't think it's a permissions issue. I think I must be missing something in the php. This may be a little out of the scope of this list, but any help would be appreciated. End original message. - This is slightly off-topic but I am sure there are other users out there who also use PHP for web scripting to interface to mailman (I do on my system, I am far more comfortable with it than Python). This sounds like PHP is being run in safe mode and the scripts you are trying to run are not allowed under the permitted safe-mode commands. Safe mode is often enabled by ISPs running servers that host virtual domains to prevent users from doing malicious and/or negligent things that can damage the file hierarchy or compromise sensitive system information. Chapter 9 of the PHP manual describes safe mode and how it works. If you have error reporting to the browser turned off, you will need to look in the HTTP server error log to see if PHP is complaining about something. You might have to boost the error-reporting level in your PHP script using the error_reporting function in your script to get the level of detail you need. Dragon ~~~ Venimus, Saltavimus, Bibimus (et naribus canium capti sumus) ~~~ -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] can't call command line functions from php
Dragon wrote: Anne Ramey wrote: I have my php script running as a user in the mailman group, but when I try to do: //add user to Admin email list $command = /usr/local/mailman/bin/add_members -r .$Filename. admins; system($command, $status); I get a status of 1 returned to me and it doesn't add the users. I've tried: shell_exec($command); as well but it didn't work either. I can successfully call these functions from my old perl scripts, so I don't think it's a permissions issue. I think I must be missing something in the php. This may be a little out of the scope of this list, but any help would be appreciated. End original message. - This is slightly off-topic but I am sure there are other users out there who also use PHP for web scripting to interface to mailman (I do on my system, I am far more comfortable with it than Python). This sounds like PHP is being run in safe mode and the scripts you are trying to run are not allowed under the permitted safe-mode commands. Safe mode is often enabled by ISPs running servers that host virtual domains to prevent users from doing malicious and/or negligent things that can damage the file hierarchy or compromise sensitive system information. Chapter 9 of the PHP manual describes safe mode and how it works. If you have error reporting to the browser turned off, you will need to look in the HTTP server error log to see if PHP is complaining about something. You might have to boost the error-reporting level in your PHP script using the error_reporting function in your script to get the level of detail you need. Dragon My safe_mode is Off. There are no errors in my http log and none output to the screen. I can run other commands with system and shell_exec...just not any mailman commands. Anne -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] can't call command line functions from php
Anne Ramey wrote: I have my php script running as a user in the mailman group, but when I try to do: //add user to Admin email list $command = /usr/local/mailman/bin/add_members -r .$Filename. admins; system($command, $status); I get a status of 1 returned to me and it doesn't add the users. and: My safe_mode is Off. There are no errors in my http log and none output to the screen. I can run other commands with system and shell_exec...just not any mailman commands. Are you sure you're executing the command as the mailman group? Try chmod g+s /usr/local/mailman/bin/add_members and see if that helps. If it does, the problem is with the group executing the command. You don't want to leave add_members as SETGID if non Mailman admins have shell access to your box as SETGID will allow anyone to successfully run the command. -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] can't call command line functions from php
Thus spake Anne Ramey on Mon, Sep 18, 2006 at 03:06:37PM CDT Dragon wrote: Anne Ramey wrote: I have my php script running as a user in the mailman group, but when I try to do: //add user to Admin email list $command = /usr/local/mailman/bin/add_members -r .$Filename. admins; system($command, $status); I get a status of 1 returned to me and it doesn't add the users. I've tried: shell_exec($command); as well but it didn't work either. I can successfully call these functions from my old perl scripts, so I don't think it's a permissions issue. A better look at the permissions issue here would be helpful, since that's the first thing one ought to eliminate. I guess that we can assume you're running this on a 'nix-like OS since you mention permissions. Make sure that /usr/local/mailman/bin/add_members has either world read and execute permissions, or group read and execute permissions (dicey from a security standpoint) or that the web server user is a member of group mailman (or whatever group your mailman is installed as) and that group read and execute permissions are turned on. If permissions are an issue, there may be other mailman components called into the process by add_members which may also need permissions adjusted. If I run system executables from a web page using PHP I generally do so via a compiled setuid wrapper script which allows execution of the system command as a priveleged user, or in your case as the mailman user. This avoids all such problems. My wrapper program is written in C and has a bunch of security checks built into it, and you can obfusticate it in a number of ways so that it's pretty well inaccessable to a would-be troublemaker. Another possible tool here would be to use passthru() instead of system() which will allow any output from $command to be displayed. Another might be to set $command to point to a shell script which will run add_members, which will allow you to redirect stdout and stderr appropriately. I think I must be missing something in the php. This may be a little out of the scope of this list, but any help would be appreciated. End original message. - This is slightly off-topic but I am sure there are other users out there who also use PHP for web scripting to interface to mailman (I do on my system, I am far more comfortable with it than Python). This sounds like PHP is being run in safe mode and the scripts you are trying to run are not allowed under the permitted safe-mode commands. Safe mode is often enabled by ISPs running servers that host virtual domains to prevent users from doing malicious and/or negligent things that can damage the file hierarchy or compromise sensitive system information. Chapter 9 of the PHP manual describes safe mode and how it works. If you have error reporting to the browser turned off, you will need to look in the HTTP server error log to see if PHP is complaining about something. You might have to boost the error-reporting level in your PHP script using the error_reporting function in your script to get the level of detail you need. Dragon My safe_mode is Off. There are no errors in my http log and none output to the screen. I can run other commands with system and shell_exec...just not any mailman commands. Anne -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/fmouse-mailman%40fmp.com Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp -- Lindsay Haisley | Fighting against human | PGP public key FMP Computer Services |creativity is like | available at 512-259-1190 |trying to eradicate | http://pubkeys.fmp.com http://www.fmp.com|dandelions | | (Pamela Jones) | -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
