[Mailman-Users] Setting up suEXEC and Mailman so they'll play nice

Tom Geller tom at suespammers.org
Thu Nov 18 10:23:55 CET 1999

As promised, from my sysadmin Doug Muth.


---------------- Begin Forwarded Message ----------------

Date:        11/17/99 8:41 PM
Received:    11/18/99 12:59 AM
From:        Doug Muth - Suespammers.org SysAdmin, doug at suespammers.org
To:          Tom Geller, tom at tgeller.com

On Mon, Nov 15, 1999 at 10:13:45AM -0800, Tom Geller wrote: 
>I posted a note to Mailman-Users with your offer of documentation for 
>suEXEC, and two people  wrote me privately to say, "Sure, I'm 
>interested". So I think it's worth writing up.

	(Feel free to forward this in it's entirety)

	On the system I administer (A Redhat 6.0 installation) we are 
running suEXEC so that users can safely run CGIs.  However, this presents 
difficulties with Mailman, since its CGIs are SGID so that, in a normal 
environment, any user can run it.  That being said, here's how to set up 
an installation of Mailman in an suEXEC environment:

	1. Create your installation directory.  I used 
/usr/local/apache/htdocs/mailman on my system.  I have mailman in the 
/usr/local/apache/htdocs directory since that is "root" to suEXEC.

	2. You'll need to create a Mailman user, then chgrp the directory 
to the Mailman user so that the configure script doesn't complain.  Then, 
chmod 2755 the directory since configure also wants it to be SGID.

	3. Run configure like this:

	./configure --prefix=/usr/local/apache/htdocs/mailman --with-cgi-gid=doug

	4. Make install

	5. Change ownership on the Mailman installation to the user 
owning it.  "chmod -R doug.doug /usr/local/apache/htdocs/mailman" worked 
for me.

	6. "chmod u-s,g-s" the contents of the cgi-bin directory so that 
suEXEC doesn't complain about trying to run a SUID/SGID program.

	7. "chmod g-w cgi-bin" so that suEXEC doesn't complain about the 
directory being writable by others.

	8. Configure the webserver(s) using Mailman with the User and Group 
directive to be set accordingly.

	9. Proceed with the other steps in the mailman installation, but 
be sure that it's done in terms of the user that you set this up, NOT 
mailman.  In fact, after configure is run, you should be able to safely 
delete the mailman user and his home directory, as they will not be 
needed anymore.

	If anyone has any questions or comments, I'm not on the 
Mailman-users list, so feel free to write me directory at 
dmuth at suespammers.org!


<Doug Muth> ------ <http://www.claws-and-paws.com/> ------ <Whois: DTM47>
Suespammers.org SysAdmin and BOFH *********** http://www.suespammers.org/

----------------- End Forwarded Message -----------------

              Tom "I am not a lawyer" Geller
    Geller Communications  *  San Francisco * tgeller.com
Other domains: suespammers.org, openppc.org, popcomputers.com

More information about the Mailman-Users mailing list