[Mailman-Users] Permission denied: '/home/mailman/lists/test/config.db'

Bill Moseley moseleymm at hank.org
Sun Nov 25 21:48:32 CET 2001


Hi,

Trying hard to figure this out myself :-(  I was able to find a number of
posts with this same problem, but no solutions.

I wonder if I don't understand setgid very well.

mailman 2.0.7, python 1.5.2.  Sendmail 8.10.1
Linux mardy 2.2.13 #1 Mon Nov 8 15:51:29 CET 1999 i686 unknown
(ya, time for an update...)

Here's the setup:

sendmail runs with a gid of daemon, and the web server has a Group of users.

./configure --with-mail-gid=daemon --with-cgi-gid=users
(I ran make && make install as user mailman).

Seems as if my /home doesn't allow suid, so I had to run bin/check_perms -f
as root to correct the suid bits.

Web interface works fine.  I can add members to the test list without
problem via the web interface.


Here's what the files look like:

> ls -ld /home/mailman
drwxrwsr-x  19 mailman  mailman      4096 Nov 25 11:27 /home/mailman


I get the error when trying to send mail to the list:

IOError: [Errno 13] Permission denied: '/home/mailman/lists/test/config.db'

Here's sendmail passing off to the wrapper:

Nov 25 11:32:34 mardy sendmail[25300]: fAPJWYu25299:
to="|/home/mailman/mail/wrapper post test", ctladdr=<test at mardy.hank.org>
(2/0), delay=00:00:00, xdelay=00:00:00, mailer=prog, pri=30051, dsn=2.0.0,
stat=Sent

Here's the wrapper. It's setgid.

> ls -l /home/mailman/mail/wrapper
-rwxr-sr-x   1 mailman  mailman     30971 Nov 25 11:27 /home/mailman/mail/wrapper

Here's the database, which has mailman group read access.

> ls -l /home/mailman/lists/test/config.db
-rw-rw----   1 nobody   mailman      2968 Nov 25 11:35 /home/mailman/lists/test/config.db

So I'm a bit confused why the permission denied error.


I'm trying to understand: --with-mail-gid=daemon says to compile the
wrapper script to only run if it's run with a real gid of "daemon", which
is what sendmail is running as. (The idea is to limit what can run the
wrapper script.)  The wrapper script is setgid, so it should then be able
to access the config.db, right?  Same situation for the cgi scripts.




Bill Moseley
mailto:moseley at hank.org
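
An added example, not part of the original post and not Mailman code: it applies the standard Unix owner/group/other check to the two `ls -l` lines from the post, once with the wrapper's setgid bit taking effect at exec and once without. The caller identity (`daemon`/`daemon`) and the `setgid_honoured` switch are assumptions for illustration; directory permissions along the path and root's bypass are not modelled.

```python
# Listings copied from the post, with the wrapped path lines joined.
WRAPPER = "/home/mailman/mail/wrapper"
CONFIG = "/home/mailman/lists/test/config.db"
LS_LINES = [
    "-rwxr-sr-x   1 mailman  mailman     30971 Nov 25 11:27 " + WRAPPER,
    "-rw-rw----   1 nobody   mailman      2968 Nov 25 11:35 " + CONFIG,
]

def parse_ls(line):
    """Split one `ls -l` line into owner, group, rwx triplets and setgid flag."""
    fields = line.split()
    mode = fields[0]
    return {
        "path": fields[-1],
        "owner": fields[2],
        "group": fields[3],
        "triplets": (mode[1:4], mode[4:7], mode[7:10]),  # owner, group, other
        "setgid": mode[6] in "sS",  # 's'/'S' in the group execute slot
    }

ENTRIES = {e["path"]: e for e in map(parse_ls, LS_LINES)}

def exec_groups(binary, caller_gid, supplementary, setgid_honoured):
    """Groups the process holds after exec: effective gid plus supplementary."""
    egid = caller_gid
    if binary["setgid"] and setgid_honoured:
        egid = binary["group"]  # setgid swaps the effective gid only
    return {egid} | set(supplementary)

def allowed(entry, user, groups, want):
    """Classic Unix check for a non-root process: only ONE triplet applies."""
    owner_t, group_t, other_t = entry["triplets"]
    if user == entry["owner"]:
        triplet = owner_t
    elif entry["group"] in groups:
        triplet = group_t
    else:
        triplet = other_t
    have = {"r": triplet[0] == "r", "w": triplet[1] == "w", "x": triplet[2] in "xst"}
    return all(have[c] for c in want)

def wrapper_can_open_config(setgid_honoured, user="daemon", gid="daemon"):
    """user/gid are assumed values for the process sendmail starts."""
    groups = exec_groups(ENTRIES[WRAPPER], gid, [], setgid_honoured)
    return allowed(ENTRIES[CONFIG], user, groups, "rw")

if __name__ == "__main__":
    for honoured in (True, False):
        print("setgid honoured:", honoured, "->", wrapper_can_open_config(honoured))
```

The kernel ignores setuid and setgid bits at exec for binaries on a filesystem mounted `nosuid`, which corresponds to the `False` case. The owner triplet is checked first, so a process running as the file's owner (`nobody` in the listing) passes regardless of its groups.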



