FAQ
Good morning,

While dealing with a flood of returned mails generated by the monthly password reminders sent out today, I noticed that my site admin password no longer functions correctly. Mailman accepts the password, and I can make changes to records, but if I attempt, for instance, to view a user record and choose the 'List my other subscriptions' button, I get the "The list administrator may not view the other subscriptions for this user." error.

I know this worked previously, but I don't know what changed.

So far I have changed the site password using mmsitepass, run check_perms -f until there are no permissions errors, and restarted mailman, none of which changed the behavior.

This is Mailman 2.1.13 running on Mac OS X server 10.5.8

Any suggestions will be greatly appreciated.

-Rob

Search Discussions

  • Larry Stone at Apr 1, 2010 at 3:54 pm

    On Thu, 1 Apr 2010, Rob wrote:

    Good morning,

    While dealing with a flood of returned mails generated by the monthly
    password reminders sent out today, I noticed that my site admin password
    no longer functions correctly. Mailman accepts the password, and I can
    make changes to records, but if I attempt, for instance, to view a user
    record and choose the 'List my other subscriptions' button, I get the
    "The list administrator may not view the other subscriptions for this
    user." error.

    I know this worked previously, but I don't know what changed. ...
    This is Mailman 2.1.13 running on Mac OS X server 10.5.8
    Did you install from sources or are you running the version Apple provides
    with OS X Server? If the latter, what probably changed is Apple updating
    you to 2.1.13 in the Security Update that came out last week (I'm assuming
    you must have installed that already). The Release Notes for the update
    say it upgraded Mailman.

    Apple's idea of security vulnerabilities can sometimes be considered as
    being the way you want to use a product is not the way they think you
    should be using it. Like every Security Update on OS X Client
    reconfiguring Postfix so that it does not listen to the outside world.
    Their idea is you don't run a full-blown mail server on Client so
    listening to the outside world is a vulnerability while for those of who
    do want the full-blown server, it's a feature. :-( (make note to self,
    make backup copies of the Postfix config files before installing the
    update this weekend).

    -- Larry Stone
    lstone19 at stonejongleux.com
  • Adam McGreggor at Apr 1, 2010 at 4:11 pm

    On Thu, Apr 01, 2010 at 10:54:30AM -0500, Larry Stone wrote:
    make backup copies of the Postfix config files before installing the
    update this weekend).
    My configs are in subversion (migrated from RCS). Very useful for
    undoing those 'helpful' changes installers like to make.

    More "hip" kids might use git, or another (d)VCS.

    --
    ``The reasonable man adapts himself to the world: the unreasonable one
    persists in trying to adapt the world to himself. Therefore all progress
    depends on the unreasonable man.'' (George Bernard Shaw)
  • Mark Sapiro at Apr 1, 2010 at 4:23 pm

    Rob wrote:
    While dealing with a flood of returned mails generated by the monthly password reminders sent out today, I noticed that my site admin password no longer functions correctly. Mailman accepts the password, and I can make changes to records, but if I attempt, for instance, to view a user record and choose the 'List my other subscriptions' button, I get the "The list administrator may not view the other subscriptions for this user." error.

    I know this worked previously, but I don't know what changed.

    So far I have changed the site password using mmsitepass, run check_perms -f until there are no permissions errors, and restarted mailman, none of which changed the behavior.

    This is Mailman 2.1.13 running on Mac OS X server 10.5.8

    If you just upgraded Mailman, this was changed in 2.1.7.

    If that is not the explaination, it is probably that you don't have

    ALLOW_SITE_ADMIN_COOKIES = Yes

    in mm_cfg.py. Be sure and read the documentation in Defaults.py before
    changing this.

    Also, if you have upgraded, see the FAQ at
    <http://wiki.list.org/x/aICB>.

    And finally, the bounced reminder should list all the user's
    subscriptions.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Rob at Apr 1, 2010 at 7:54 pm

    On Apr 1, 2010, at 12:23 PM, Mark Sapiro wrote:

    Rob wrote:
    While dealing with a flood of returned mails generated by the monthly password reminders sent out today, I noticed that my site admin password no longer functions correctly. Mailman accepts the password, and I can make changes to records, but if I attempt, for instance, to view a user record and choose the 'List my other subscriptions' button, I get the "The list administrator may not view the other subscriptions for this user." error.

    I know this worked previously, but I don't know what changed.

    So far I have changed the site password using mmsitepass, run check_perms -f until there are no permissions errors, and restarted mailman, none of which changed the behavior.

    This is Mailman 2.1.13 running on Mac OS X server 10.5.8

    If you just upgraded Mailman, this was changed in 2.1.7.

    If that is not the explaination, it is probably that you don't have

    ALLOW_SITE_ADMIN_COOKIES = Yes

    in mm_cfg.py. Be sure and read the documentation in Defaults.py before
    changing this.

    Also, if you have upgraded, see the FAQ at
    <http://wiki.list.org/x/aICB>.

    And finally, the bounced reminder should list all the user's
    subscriptions.
    Thanks. I have not recently upgraded or changed Mailman, though there was a recent Apple security update, and I'm not sure if it could have included a Mailman upgrade within it. The apparently huge number of expired addresses which bounced to the -owner address today suggests (based on my understanding of the wiki article you referenced) that there must have been an upgrade included.

    I added ALLOW_SITE_ADMIN_COOKIES = Yes to mm_cfg.py and restarted mailman, but the behavior persists, or else I am not understanding the new behavior of the site admin password. Essentially I use the site admin password to quickly traverse multiple list config options without having to enter the list password for each list, delete users from multiple lists, or change their passwords for them.

    And, yes, the bounced reminder did list all of the user's subscriptions.

    Thanks for your help.

    -Rob
  • Mark Sapiro at Apr 1, 2010 at 8:20 pm

    Rob wrote:
    Thanks. I have not recently upgraded or changed Mailman, though there was a recent Apple security update, and I'm not sure if it could have included a Mailman upgrade within it. The apparently huge number of expired addresses which bounced to the -owner address today suggests (based on my understanding of the wiki article you referenced) that there must have been an upgrade included.

    According to the reply at
    <http://mail.python.org/pipermail/mailman-users/2010-April/069199.html>,
    there was.

    I added ALLOW_SITE_ADMIN_COOKIES = Yes to mm_cfg.py and restarted mailman, but the behavior persists, or else I am not understanding the new behavior of the site admin password. Essentially I use the site admin password to quickly traverse multiple list config options without having to enter the list password for each list, delete users from multiple lists, or change their passwords for them.

    Did you stop and restart your browser or clear the relevant cookies
    from the browser? (an admin logout should suffice).

    If ALLOW_SITE_ADMIN_COOKIES = No (the default), when you authenticate
    with the site password, you get a cookie that says you are
    authenticated as the list admin, not as the site admin. Thus, you
    can't do global actions on the user options page and you can't go to
    another list's admin pages without logging in there.

    If ALLOW_SITE_ADMIN_COOKIES = Yes and you are authenticated as the site
    admin and you still can't list a users other subscriptions, I think
    this must be an Apple specific feature/bug.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Rob at Apr 1, 2010 at 10:14 pm
    Mark,

    Thanks, I get Mailman posts as a digest so I hadn't yet received the other reply.

    I tried quitting the browser and restarting several times, and also deleted cookies manually, but the problem persists. I will do some more digging and let you know what I come up with.

    Thanks again.

    -Rob McLear
    On Apr 1, 2010, at 4:20 PM, Mark Sapiro wrote:

    Rob wrote:
    Thanks. I have not recently upgraded or changed Mailman, though there was a recent Apple security update, and I'm not sure if it could have included a Mailman upgrade within it. The apparently huge number of expired addresses which bounced to the -owner address today suggests (based on my understanding of the wiki article you referenced) that there must have been an upgrade included.

    According to the reply at
    <http://mail.python.org/pipermail/mailman-users/2010-April/069199.html>,
    there was.

    I added ALLOW_SITE_ADMIN_COOKIES = Yes to mm_cfg.py and restarted mailman, but the behavior persists, or else I am not understanding the new behavior of the site admin password. Essentially I use the site admin password to quickly traverse multiple list config options without having to enter the list password for each list, delete users from multiple lists, or change their passwords for them.

    Did you stop and restart your browser or clear the relevant cookies
    from the browser? (an admin logout should suffice).

    If ALLOW_SITE_ADMIN_COOKIES = No (the default), when you authenticate
    with the site password, you get a cookie that says you are
    authenticated as the list admin, not as the site admin. Thus, you
    can't do global actions on the user options page and you can't go to
    another list's admin pages without logging in there.

    If ALLOW_SITE_ADMIN_COOKIES = Yes and you are authenticated as the site
    admin and you still can't list a users other subscriptions, I think
    this must be an Apple specific feature/bug.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Mark Sapiro at Apr 1, 2010 at 10:51 pm

    Rob wrote:
    I tried quitting the browser and restarting several times, and also deleted cookies manually, but the problem persists. I will do some more digging and let you know what I come up with.

    Key question #1 is are the cookies named 'listname-admin' or 'site'?

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Rob at Apr 1, 2010 at 11:54 pm

    On Apr 1, 2010, at 6:51 PM, Mark Sapiro wrote:

    Rob wrote:
    I tried quitting the browser and restarting several times, and also deleted cookies manually, but the problem persists. I will do some more digging and let you know what I come up with.

    Key question #1 is are the cookies named 'listname-admin' or 'site'?

    --
    They are named listname+admin

    Is there any way to determine whether my mailman installation is reading the lines from my mm_cfg.py correctly?

    -Rob
  • Mark Sapiro at Apr 2, 2010 at 12:08 am

    Rob wrote:
    On Apr 1, 2010, at 6:51 PM, Mark Sapiro wrote:

    Rob wrote:
    I tried quitting the browser and restarting several times, and also deleted cookies manually, but the problem persists. I will do some more digging and let you know what I come up with.

    Key question #1 is are the cookies named 'listname-admin' or 'site'?

    --
    They are named listname+admin

    Is there any way to determine whether my mailman installation is reading the lines from my mm_cfg.py correctly?

    Here's one way.

    [mark at sbh16 ~]$ /path/to/bin/withlist -i
    No list name supplied.
    Python 2.4.3 (#1, Sep 3 2009, 15:37:12)
    [GCC 4.1.2 20080704 (Red Hat 4.1.2-46)] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    (InteractiveConsole)
    from Mailman import mm_cfg
    mm_cfg.ALLOW_SITE_ADMIN_COOKIES
    False
    >>>
    [mark at sbh16 ~]$


    You type the command with the correct path to Mailman's bin/withlist.
    Then you type the two lines after the '>>>' prompts. In your case, the
    response should be True or 1. At the third prompt, type control-D.

    Another clue is whether the timestamp on mm_cfg.pyc is more recent than
    that on mm_cfg.py, although this isn't always definitive due to
    possible permission issues.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Rob at Apr 2, 2010 at 2:19 am

    They are named listname+admin

    Is there any way to determine whether my mailman installation is reading the lines from my mm_cfg.py correctly?

    Here's one way.

    [mark at sbh16 ~]$ /path/to/bin/withlist -i
    No list name supplied.
    Python 2.4.3 (#1, Sep 3 2009, 15:37:12)
    [GCC 4.1.2 20080704 (Red Hat 4.1.2-46)] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    (InteractiveConsole)
    from Mailman import mm_cfg
    mm_cfg.ALLOW_SITE_ADMIN_COOKIES
    False
    [mark at sbh16 ~]$


    You type the command with the correct path to Mailman's bin/withlist.
    Then you type the two lines after the '>>>' prompts. In your case, the
    response should be True or 1. At the third prompt, type control-D.

    Another clue is whether the timestamp on mm_cfg.pyc is more recent than
    that on mm_cfg.py, although this isn't always definitive due to
    possible permission issues.
    From the withlist command I got a False response. I checked the timestamps as you suggested and found that mm_cfg.pyc had a timestamp from yesterday, likely when I ran the update. However, mm_cfg.py was last changed in 2008, which I know is incorrect since I edited it today.
    So, "locate mm_cfg.py" and sure enough there are two separate mailman folders; /usr/share/mailman and /usr/local/mailman . Yes indeed, I had edited the wrong file.

    Don't know where the duplicate came from, I think this server was upgraded from OS X Server 10.3, perhaps there was an old installation.

    Long story short, edited the correct copy of mm_cfg.py and restarted, all works well again.

    Thanks so much for your help.

    -Rob

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedApr 1, '10 at 2:29p
activeApr 2, '10 at 2:19a
posts11
users4
websitelist.org

People

Translate

site design / logo © 2022 Grokbase