OK almost there. I can get into the admin however for each list, I am still getting permission errors. Here are the current perms: ls -l /var/lib/mailman/lists/datastr total 32 -rw-rw-rw- 1 mailman mailman 9250 Jul 23 14:15 config.pck -rw-rw-rw- 1 mailman mailman 9250 Jul 23 09:00 config.pck.last -rw-rw-rw- 1 mailman mailman 130 Mar 31 2016 pending.pck -rw-rw-rw- 1 mailman mailman 20 Apr 1 2016 request.pck ls -ld /var/lib/mailman/lists/datastr drwxrwsr-x 2 mailman mailman 85 Jul 23 14:15 /var/lib/mailman/lists/datastr ls -ld /var/lib/mailman/lists/ drwxrwsr-x 25 mailman mailman 4096 Feb 12 06:53 /var/lib/mailman/lists/ ls -ld /var/lib/mailman/ drwxrwsr-x 6 root mailman 59 Feb 12 06:53 /var/lib/mailman/ So the below tmp file cannot write into the directory. Jul 25 10:45:29 2019 (10878) Failed config.pck write, retaining old state. [Errno 13] Permission denied: '/var/lib/mailman/lists/datastr/config.pck.tmp.ourdomain.edu.10878' Jul 25 10:45:29 2019 admin(10878): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(10878): [----- Mailman Version: 2.1.29 -----] admin(10878): [----- Traceback ------] admin(10878): Traceback (most recent call last): admin(10878): File "/usr/lib/mailman/scripts/driver", line 117, in run_main admin(10878): main() admin(10878): File "/usr/lib/mailman/Mailman/Cgi/admin.py", line 250, in main admin(10878): mlist.Save() admin(10878): File "/usr/lib/mailman/Mailman/MailList.py", line 613, in Save admin(10878): self.__save(dict) admin(10878): File "/usr/lib/mailman/Mailman/MailList.py", line 568, in __save admin(10878): fp = open(fname_tmp, 'w') admin(10878): IOError: [Errno 13] Permission denied: '/var/lib/mailman/lists/datastr/config.pck.tmp.ourdomain.edu.10878' admin(10878): [----- Python Information -----] admin(10878): sys.version = 2.7.16 (default, Apr 30 2019, 15:54:43) [GCC 9.0.1 20190312 (Red Hat 9.0.1-0.10)] admin(10878): sys.executable = /usr/bin/python2 admin(10878): sys.prefix = /usr admin(10878): sys.exec_prefix = /usr admin(10878): sys.path = ['/usr/lib/mailman/pythonlib', '/usr/lib/mailman', '/usr/lib/mailman/scripts', '/usr/lib/mailman', '/usr/lib/python27.zip', '/usr/lib64/python2.7', '/usr/lib64/python2.7/plat-linux2', '/usr/lib64/python2.7/lib-tk', '/usr/lib64/python2.7/lib-old', '/usr/lib64/python2.7/lib-dynload', '/usr/lib/python2.7/site-packages', '/usr/lib/python2.7/dist-packages'] admin(10878): sys.platform = linux2 admin(10878): [----- Environment Variables -----] admin(10878): CONTENT_LENGTH: 38 admin(10878): HTTPS: on admin(10878): HTTP_COOKIE: admin(10878): SERVER_NAME: ourdomain.edu admin(10878): SERVER_PROTOCOL: HTTP/1.1 admin(10878): PYTHONPATH: /usr/lib/mailman admin(10878): REMOTE_ADDR: myip admin(10878): REQUEST_SCHEME: https admin(10878): SCRIPT_NAME: /mailman/admin admin(10878): REQUEST_METHOD: POST admin(10878): SERVER_PORT: 443 admin(10878): HTTP_HOST: ourdomain.edu admin(10878): PATH_INFO: /datastr admin(10878): CONTENT_TYPE: application/x-www-form-urlencoded admin(10878): REMOTE_PORT: 53063 admin(10878): QUERY_STRING: admin(10878): REQUEST_URI: /mailman/admin/datastr admin(10878): DOCUMENT_ROOT: /var/www/html Isn't this similar to my other issue? I believe the user "apache" needs to write that tmp file? On Wed, Jul 24, 2019 at 5:29 PM Mark Sapiro <mark@msapiro.net> wrote:
On 7/24/19 1:59 PM, Robert Kudyba wrote:
I’m getting some where here. First Apache httpd runs as user:apache:
Right.
Now I see these files, and look at the owner: ls -lt /var/lib/mailman/lists/mailman/ total 184 -rw-rw---- 1 apache mailman 4352 Jul 24 16:55 config.pck -rw-rw---- 1 apache mailman 4352 Jul 24 16:55 config.pck.last -rw-rw---- 1 apache mailman 22949 Jul 24 16:54 request.pck -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:51 config.pck.tmp.dsm.dsm.fordham.edu.5850 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:47 config.pck.tmp.dsm.dsm.fordham.edu.5342 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:46 config.pck.tmp.dsm.dsm.fordham.edu.5002 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:38 config.pck.tmp.dsm.dsm.fordham.edu.3609 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:34 config.pck.tmp.dsm.dsm.fordham.edu.2986 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 16:32 config.pck.tmp.dsm.dsm.fordham.edu.2727 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 13:41 config.pck.tmp.dsm.dsm.fordham.edu.5113 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:58 config.pck.tmp.dsm.dsm.fordham.edu.22328 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:40 config.pck.tmp.dsm.dsm.fordham.edu.19790 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:29 config.pck.tmp.dsm.dsm.fordham.edu.13505 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:25 config.pck.tmp.dsm.dsm.fordham.edu.15335 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:23 config.pck.tmp.dsm.dsm.fordham.edu.14826 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 11:23 config.pck.tmp.dsm.dsm.fordham.edu.14771 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 10:03 config.pck.tmp.dsm.dsm.fordham.edu.22176 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 10:01 config.pck.tmp.dsm.dsm.fordham.edu.22179 -rw-rw-rw- 1 mailman mailman 3122 Jul 24 10:01 pending.pck -rw-rw-rw- 1 mailman mailman 4350 Jul 24 09:00 config.pck.tmp.dsm.dsm.fordham.edu.6326 -rw-rw-rw- 1 mailman mailman 4350 Jul 24 09:00 config.pck.tmp.dsm.dsm.fordham.edu.6329 -rw-rw-rw- 1 mailman mailman 2438 Jul 23 08:51 digest.mbox
Whenever I am in the admin page the 1st 3 files get changed to user:apache.
This is all as it should be.
Note that all the config.pck.tmp.dsm.dsm.fordham.edu.pppp files are left from when the linking of config.pck to config.pck.last failed as described at < https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.python.org_pipermail_mailman-2Dusers_2019-2DJuly_084590.html&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=YN5-7P2QO-rJTSkNK0pyd-OoThRTFjU62JO756bVJo8&e=
. They can be removed.
The owner of these files doesn't matter. It is the mailman group that matters. When apache saves a list, it is running as user:group apache:mailman. This is how the files get created. It is the mailman group and its permissions that allow this. When a qrunner saves a list it is running as mailman:mailman and the created files have that user:group. When a web CGI saves a list it is running as apache:mailman and the created files have that user:group.
This is all expected and it is the group permissions that allow the operations.
Is there perhaps something in the .service file that I need to change? cat /usr/lib/systemd/system/mailman.service [Unit] Description=GNU Mailing List Manager After=syslog.target network.target
[Service] ExecStartPre=/usr/lib/mailman/bin/mailman-update-cfg
Ask RedHat about this one.
ExecStartPre=/usr/bin/install -m644 -o mailman -g mailman /usr/lib/mailman/cron/crontab.in /etc/cron.d/mailman
This is also a RedHat thing.
ExecStartPre=/bin/touch /var/log/mailman/error ExecStartPre=/bin/chown mailman:mailman /var/log/mailman/error ExecStartPre=/bin/chmod 666 /var/log/mailman/error
The above should not be necessary at all.
ExecStart=/usr/lib/mailman/bin/mailmanctl -s start ExecReload=/usr/lib/mailman/bin/mailmanctl restart ExecStop=/usr/lib/mailman/bin/mailman-update-cfg ExecStop=/usr/lib/mailman/bin/mailmanctl stop ExecStop=/bin/sh -c 'echo -e "# DO NOT EDIT THIS FILE!\n#\n# Contents of this file managed by /etc/init.d/mailman\n# Master copy is /usr/lib/mailman/cron/crontab.in" > /etc/cron.d/mailman' Type=forking
[Install] WantedBy=multi-user.target
Does the user NEED to be the same as who Apache runs as?
No. the group has to be mailman. the user is irrelevant.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.python.org_mailman_listinfo_mailman-2Dusers&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=1zwOlne7LsMUz3UiVKxB9NeBsI1pEV9eUuxQQ5L0_zY&e= Mailman FAQ: https://urldefense.proofpoint.com/v2/url?u=http-3A__wiki.list.org_x_AgA3&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=pZjNHSUfy8LUmXE8tsm1kwXiYl7XqqwkkRzzV4LQeJE&e= Security Policy: https://urldefense.proofpoint.com/v2/url?u=http-3A__wiki.list.org_x_QIA9&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=5kXYMZmAVrdvkYduBzBykS8wgAYbQpwmNbO1WIqdPak&e= Searchable Archives: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.mail-2Darchive.com_mailman-2Dusers-2540python.org_&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=t1mMHU9K2bHneljt0LaxcPYD2UshKR8zxauH511Zn78&e= Unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.python.org_mailman_options_mailman-2Dusers_rkudyba-2540fordham.edu&d=DwIGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=JvRbH7r1X3n_UdN-IMTBhvNQDRPRJROtIHc74SwT2Jo&s=xFUyyFlbQpESSDnVfWydAz2MwxF6-2c4QMEFV0UyhYo&e=