Re: [Mailman-Users] Perm Hosery in 2.0rc1?
That looks like the Openwall Security Patch issue; hard links are restricted in some way I don't remember. Check the list archives; Marc Merlin has an installation procedure that works around the problem, and has posted about it several times.
I'm trying to set up 2.0rc1, and I can't seem to get it working. There seems to be a problem with permissions. I've run check_perms and it only bitches about the docs/ directory, which I created (for HTML docs). I've found, however, that I get an error when I try to use the admin CGI, and it leaves a lockfile in locks/ that causes any subsequent attempts to hang. I've found I can make modifications through the admin CGI if I change the owner of lists/<listname>/config.db* to nobody (the user&group of Apache).
However, if I do that, qrunner and the other cronned jobs fails with a permission error. Changing the ownership to 'mailman' lets these run.
I created the list as root; the install doc didn't say it needed to be run as 'mailman'. Also, I just tested running 'newlist' as 'mailman', and it still failed with a permission error.
It /appears/ that the CGI needs to use mail/wrapper, but maybe Apache does not let CGIs run Set[UG]ID programs?
What it looks to me like
Here's how I installed:
$ ./configure --with-mail-gid=nobody --with-cgi-gid=nobody \ --with-cgi-ext= && make (As non-root, non-mailman user)
# make install
This is an Immunix 6.2 system, which is basically a Red Hat 6.2 system rebuilt with the StackGuard compiler. I've replaced Sendmail with Postfix. The above GIDs are correct for Postfix and Apache.
Just so you don't think I'm crazy, here are some perms that seem to be relevant:
/home/mailman/lists/test] # ls -l total 22 -rw-rw-r-- 1 mailman mailman 1706 Oct 26 17:14 admindbpreamble.html -rw-rw---- 1 mailman mailman 2815 Oct 26 17:14 config.db -rw-rw---- 1 nobody mailman 2815 Oct 26 17:16 config.db.tmp.mithra.wirex.com.19740 -rw-rw-r-- 1 mailman mailman 189 Oct 26 17:14 handle_opts.html -rw-rw-r-- 1 mailman mailman 900 Oct 26 17:14 headfoot.html -rw-rw-r-- 1 mailman mailman 3136 Oct 26 17:14 listinfo.html -rw-rw-r-- 1 mailman mailman 0 Oct 26 17:14 next-digest -rw-rw-r-- 1 mailman mailman 0 Oct 26 17:14 next-digest-topics -rw-rw-r-- 1 mailman mailman 4106 Oct 26 17:14 options.html -rw-rw-r-- 1 mailman mailman 1169 Oct 26 17:14 roster.html -rw-rw-r-- 1 mailman mailman 198 Oct 26 17:14 subscribe.html
# ls -l mail total 33 -rwxr-sr-x 1 root mailman 32464 Oct 26 11:35 wrapper
# ls -l locks total 2 -rw-rw-r-- 2 nobody mailman 52 Oct 26 2000 test.lock -rw-rw-r-- 2 nobody mailman 52 Oct 26 2000 test.lock.mithra.wirex.com.20052
And here's the backtrace from the CGI error:
Oct 26 17:53:43 2000 admin(20362): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(20362): [----- Mailman Version: 2.0rc1 -----] admin(20362): [----- Traceback ------] admin(20362): Traceback (innermost last): admin(20362): File "/home/mailman/scripts/driver", line 96, in run_main admin(20362): main() admin(20362): File "/home/mailman/Mailman/Cgi/admin.py", line 138, in main admin(20362): mlist.Save() admin(20362): File "/home/mailman/Mailman/MailList.py", line 842, in Save admin(20362): self.__save(dict) admin(20362): File "/home/mailman/Mailman/MailList.py", line 818, in __save admin(20362): os.link(fname, fname_last) admin(20362): OSError: [Errno 1] Operation not permitted
(I'll assume you don't need the rest of it. I can send it if you do.)
Wil -- W. Reilly Cooley, Esq. wcooley@wirex.com
------------------------------------------------------ Mailman-Users maillist - Mailman-Users@python.org http://www.python.org/mailman/listinfo/mailman-users
Hi Wil... :)
I had the same problem running the Mandrake 7.x secure kernel; I had no idea until afterwards that the Openwall patches are apparently in that kernel. You'll either need the workaround patch from sourceforge or run the standard kernel.
-- Michael
On Thu, 26 Oct 2000, Dan Mick wrote:
That looks like the Openwall Security Patch issue; hard links are restricted in some way I don't remember. Check the list archives; Marc Merlin has an installation procedure that works around the problem, and has posted about it several times.
I'm trying to set up 2.0rc1, and I can't seem to get it working. There seems to be a problem with permissions. I've run check_perms and it only bitches about the docs/ directory, which I created (for HTML docs). I've found, however, that I get an error when I try to use the admin CGI, and it leaves a lockfile in locks/ that causes any subsequent attempts to hang. I've found I can make modifications through the admin CGI if I change the owner of lists/<listname>/config.db* to nobody (the user&group of Apache).
On Thu, Oct 26, 2000 at 09:10:39PM -0500, Michael Brennen wrote:
Hi Wil... :)
Hi Michael! :)
I had the same problem running the Mandrake 7.x secure kernel; I had no idea until afterwards that the Openwall patches are apparently in that kernel. You'll either need the workaround patch from sourceforge or run the standard kernel.
Yep, this kernel does have OpenWall applied. Thanks for everyone who picked up on this (even though I hadn't mentioned it). I was wondering how an RC release could seem so badly broken.
Wil
W. Reilly Cooley, Esq. wcooley@wirex.com
participants (3)
-
Dan Mick
-
Michael Brennen
-
W. Reilly Cooley