FAQ
I'm trying to set up 2.0rc1, and I can't seem to get it working. There
seems to be a problem with permissions. I've run check_perms and it
only bitches about the docs/ directory, which I created (for HTML docs).
I've found, however, that I get an error when I try to use the admin CGI,
and it leaves a lockfile in locks/ that causes any subsequent attempts
to hang. I've found I can make modifications through the admin CGI
if I change the owner of lists/<listname>/config.db* to nobody (the
user&group of Apache).

However, if I do that, qrunner and the other cronned jobs fails with a
permission error. Changing the ownership to 'mailman' lets these run.

I created the list as root; the install doc didn't say it needed to be
run as 'mailman'. Also, I just tested running 'newlist' as 'mailman',
and it still failed with a permission error.

It /appears/ that the CGI needs to use mail/wrapper, but maybe Apache
does not let CGIs run Set[UG]ID programs?

What it looks to me like

Here's how I installed:

$ ./configure --with-mail-gid=nobody --with-cgi-gid=nobody \
--with-cgi-ext= && make
(As non-root, non-mailman user)

# make install

This is an Immunix 6.2 system, which is basically a Red Hat 6.2 system
rebuilt with the StackGuard compiler. I've replaced Sendmail with
Postfix. The above GIDs are correct for Postfix and Apache.

Just so you don't think I'm crazy, here are some perms that seem to
be relevant:

/home/mailman/lists/test]
# ls -l
total 22
-rw-rw-r-- 1 mailman mailman 1706 Oct 26 17:14 admindbpreamble.html
-rw-rw---- 1 mailman mailman 2815 Oct 26 17:14 config.db
-rw-rw---- 1 nobody mailman 2815 Oct 26 17:16 config.db.tmp.mithra.wirex.com.19740
-rw-rw-r-- 1 mailman mailman 189 Oct 26 17:14 handle_opts.html
-rw-rw-r-- 1 mailman mailman 900 Oct 26 17:14 headfoot.html
-rw-rw-r-- 1 mailman mailman 3136 Oct 26 17:14 listinfo.html
-rw-rw-r-- 1 mailman mailman 0 Oct 26 17:14 next-digest
-rw-rw-r-- 1 mailman mailman 0 Oct 26 17:14 next-digest-topics
-rw-rw-r-- 1 mailman mailman 4106 Oct 26 17:14 options.html
-rw-rw-r-- 1 mailman mailman 1169 Oct 26 17:14 roster.html
-rw-rw-r-- 1 mailman mailman 198 Oct 26 17:14 subscribe.html

# ls -l mail
total 33
-rwxr-sr-x 1 root mailman 32464 Oct 26 11:35 wrapper

# ls -l locks
total 2
-rw-rw-r-- 2 nobody mailman 52 Oct 26 2000 test.lock
-rw-rw-r-- 2 nobody mailman 52 Oct 26 2000 test.lock.mithra.wirex.com.20052

And here's the backtrace from the CGI error:

Oct 26 17:53:43 2000 admin(20362): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(20362): [----- Mailman Version: 2.0rc1 -----]
admin(20362): [----- Traceback ------]
admin(20362): Traceback (innermost last):
admin(20362): File "/home/mailman/scripts/driver", line 96, in run_main
admin(20362): main()
admin(20362): File "/home/mailman/Mailman/Cgi/admin.py", line 138, in main
admin(20362): mlist.Save()
admin(20362): File "/home/mailman/Mailman/MailList.py", line 842, in Save
admin(20362): self.__save(dict)
admin(20362): File "/home/mailman/Mailman/MailList.py", line 818, in __save
admin(20362): os.link(fname, fname_last)
admin(20362): OSError: [Errno 1] Operation not permitted

(I'll assume you don't need the rest of it. I can send it if you do.)

Wil
--
W. Reilly Cooley, Esq. wcooley at wirex.com

Search Discussions

  • Dan Mick at Oct 27, 2000 at 1:05 am
    That looks like the Openwall Security Patch issue; hard links
    are restricted in some way I don't remember. Check the list archives;
    Marc Merlin has an installation procedure that works around the problem,
    and has posted about it several times.
    I'm trying to set up 2.0rc1, and I can't seem to get it working. There
    seems to be a problem with permissions. I've run check_perms and it
    only bitches about the docs/ directory, which I created (for HTML docs).
    I've found, however, that I get an error when I try to use the admin CGI,
    and it leaves a lockfile in locks/ that causes any subsequent attempts
    to hang. I've found I can make modifications through the admin CGI
    if I change the owner of lists/<listname>/config.db* to nobody (the
    user&group of Apache).

    However, if I do that, qrunner and the other cronned jobs fails with a
    permission error. Changing the ownership to 'mailman' lets these run.

    I created the list as root; the install doc didn't say it needed to be
    run as 'mailman'. Also, I just tested running 'newlist' as 'mailman',
    and it still failed with a permission error.

    It /appears/ that the CGI needs to use mail/wrapper, but maybe Apache
    does not let CGIs run Set[UG]ID programs?

    What it looks to me like

    Here's how I installed:

    $ ./configure --with-mail-gid=nobody --with-cgi-gid=nobody \
    --with-cgi-ext= && make
    (As non-root, non-mailman user)

    # make install

    This is an Immunix 6.2 system, which is basically a Red Hat 6.2 system
    rebuilt with the StackGuard compiler. I've replaced Sendmail with
    Postfix. The above GIDs are correct for Postfix and Apache.

    Just so you don't think I'm crazy, here are some perms that seem to
    be relevant:

    /home/mailman/lists/test]
    # ls -l
    total 22
    -rw-rw-r-- 1 mailman mailman 1706 Oct 26 17:14 admindbpreamble.html
    -rw-rw---- 1 mailman mailman 2815 Oct 26 17:14 config.db
    -rw-rw---- 1 nobody mailman 2815 Oct 26 17:16
    config.db.tmp.mithra.wirex.com.19740
    -rw-rw-r-- 1 mailman mailman 189 Oct 26 17:14 handle_opts.html
    -rw-rw-r-- 1 mailman mailman 900 Oct 26 17:14 headfoot.html
    -rw-rw-r-- 1 mailman mailman 3136 Oct 26 17:14 listinfo.html
    -rw-rw-r-- 1 mailman mailman 0 Oct 26 17:14 next-digest
    -rw-rw-r-- 1 mailman mailman 0 Oct 26 17:14 next-digest-topics
    -rw-rw-r-- 1 mailman mailman 4106 Oct 26 17:14 options.html
    -rw-rw-r-- 1 mailman mailman 1169 Oct 26 17:14 roster.html
    -rw-rw-r-- 1 mailman mailman 198 Oct 26 17:14 subscribe.html

    # ls -l mail
    total 33
    -rwxr-sr-x 1 root mailman 32464 Oct 26 11:35 wrapper

    # ls -l locks
    total 2
    -rw-rw-r-- 2 nobody mailman 52 Oct 26 2000 test.lock
    -rw-rw-r-- 2 nobody mailman 52 Oct 26 2000
    test.lock.mithra.wirex.com.20052
    And here's the backtrace from the CGI error:

    Oct 26 17:53:43 2000 admin(20362):
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    admin(20362): [----- Mailman Version: 2.0rc1 -----]
    admin(20362): [----- Traceback ------]
    admin(20362): Traceback (innermost last):
    admin(20362): File "/home/mailman/scripts/driver", line 96, in run_main
    admin(20362): main()
    admin(20362): File "/home/mailman/Mailman/Cgi/admin.py", line 138, in main
    admin(20362): mlist.Save()
    admin(20362): File "/home/mailman/Mailman/MailList.py", line 842, in Save
    admin(20362): self.__save(dict)
    admin(20362): File "/home/mailman/Mailman/MailList.py", line 818, in __save
    admin(20362): os.link(fname, fname_last)
    admin(20362): OSError: [Errno 1] Operation not permitted

    (I'll assume you don't need the rest of it. I can send it if you do.)

    Wil
    --
    W. Reilly Cooley, Esq. wcooley at wirex.com




    ------------------------------------------------------
    Mailman-Users maillist - Mailman-Users at python.org
    http://www.python.org/mailman/listinfo/mailman-users
  • Michael Brennen at Oct 27, 2000 at 2:10 am
    Hi Wil... :)

    I had the same problem running the Mandrake 7.x secure kernel; I had
    no idea until afterwards that the Openwall patches are apparently in
    that kernel. You'll either need the workaround patch from
    sourceforge or run the standard kernel.

    -- Michael
    On Thu, 26 Oct 2000, Dan Mick wrote:

    That looks like the Openwall Security Patch issue; hard links
    are restricted in some way I don't remember. Check the list archives;
    Marc Merlin has an installation procedure that works around the problem,
    and has posted about it several times.
    I'm trying to set up 2.0rc1, and I can't seem to get it working. There
    seems to be a problem with permissions. I've run check_perms and it
    only bitches about the docs/ directory, which I created (for HTML docs).
    I've found, however, that I get an error when I try to use the admin CGI,
    and it leaves a lockfile in locks/ that causes any subsequent attempts
    to hang. I've found I can make modifications through the admin CGI
    if I change the owner of lists/<listname>/config.db* to nobody (the
    user&group of Apache).
  • W. Reilly Cooley at Oct 27, 2000 at 5:48 pm

    On Thu, Oct 26, 2000 at 09:10:39PM -0500, Michael Brennen wrote:
    Hi Wil... :)
    Hi Michael! :)
    I had the same problem running the Mandrake 7.x secure kernel; I had
    no idea until afterwards that the Openwall patches are apparently in
    that kernel. You'll either need the workaround patch from
    sourceforge or run the standard kernel.
    Yep, this kernel does have OpenWall applied. Thanks for everyone who
    picked up on this (even though I hadn't mentioned it). I was wondering
    how an RC release could seem so badly broken.

    Wil
    --
    W. Reilly Cooley, Esq. wcooley at wirex.com

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedOct 27, '00 at 12:55a
activeOct 27, '00 at 5:48p
posts4
users3
websitelist.org

People

Translate

site design / logo © 2022 Grokbase