[Mailman-Users] Setting up suEXEC and Mailman so they'll play nice
tom at suespammers.org
Thu Nov 18 10:23:55 CET 1999
As promised, from my sysadmin Doug Muth.
---------------- Begin Forwarded Message ----------------
Date: 11/17/99 8:41 PM
Received: 11/18/99 12:59 AM
From: Doug Muth - Suespammers.org SysAdmin, doug at suespammers.org
To: Tom Geller, tom at tgeller.com
On Mon, Nov 15, 1999 at 10:13:45AM -0800, Tom Geller wrote:
>I posted a note to Mailman-Users with your offer of documentation for
>suEXEC, and two people wrote me privately to say, "Sure, I'm
>interested". So I think it's worth writing up.
(Feel free to forward this in it's entirety)
On the system I administer (A Redhat 6.0 installation) we are
running suEXEC so that users can safely run CGIs. However, this presents
difficulties with Mailman, since its CGIs are SGID so that, in a normal
environment, any user can run it. That being said, here's how to set up
an installation of Mailman in an suEXEC environment:
1. Create your installation directory. I used
/usr/local/apache/htdocs/mailman on my system. I have mailman in the
/usr/local/apache/htdocs directory since that is "root" to suEXEC.
2. You'll need to create a Mailman user, then chgrp the directory
to the Mailman user so that the configure script doesn't complain. Then,
chmod 2755 the directory since configure also wants it to be SGID.
3. Run configure like this:
./configure --prefix=/usr/local/apache/htdocs/mailman --with-cgi-gid=doug
4. Make install
5. Change ownership on the Mailman installation to the user
owning it. "chmod -R doug.doug /usr/local/apache/htdocs/mailman" worked
6. "chmod u-s,g-s" the contents of the cgi-bin directory so that
suEXEC doesn't complain about trying to run a SUID/SGID program.
7. "chmod g-w cgi-bin" so that suEXEC doesn't complain about the
directory being writable by others.
8. Configure the webserver(s) using Mailman with the User and Group
directive to be set accordingly.
9. Proceed with the other steps in the mailman installation, but
be sure that it's done in terms of the user that you set this up, NOT
mailman. In fact, after configure is run, you should be able to safely
delete the mailman user and his home directory, as they will not be
If anyone has any questions or comments, I'm not on the
Mailman-users list, so feel free to write me directory at
dmuth at suespammers.org!
<Doug Muth> ------ <http://www.claws-and-paws.com/> ------ <Whois: DTM47>
Suespammers.org SysAdmin and BOFH *********** http://www.suespammers.org/
----------------- End Forwarded Message -----------------
Tom "I am not a lawyer" Geller
Geller Communications * San Francisco * tgeller.com
Other domains: suespammers.org, openppc.org, popcomputers.com
More information about the Mailman-Users