[Mailman-Users] Mailman won't work - can you help?
john at johnbarrus.com
Mon Nov 3 15:15:03 CET 2003
The server is running as user "apache". If you look through the original
message, you will see that I only ran the
/usr/local/mailman/cgi-bin/admin as root to show that the command does
in fact run. Of course, as root the program outputs an error. The
program won't run at all when "apache" tries to execute it.
Unfortunately, as "apache", I get a permissions error that I don't
From the original message:
I su to user "apache" and try it again
[root at www cgi-bin]# su apache
[apache at www cgi-bin]$ ./admin
sh: ./admin: Permission denied
Well, why won't it run? I check the permissions...
[apache at www cgi-bin]$ ls -l | grep admin
-rwxr-sr-x 1 root mail 36849 Nov 1 18:50 admin*
-rwxr-sr-x 1 root mail 36857 Nov 1 18:50 admindb*
[apache at www cgi-bin]$ ls -l .. | grep cgi
drwxrwsr-x 2 root mail 4096 Nov 1 18:50 cgi-bin/
[apache at www cgi-bin]$ ls -l ../.. | grep mailman
drwxrwsr-x 13 root root 4096 Nov 1 18:50 mailman/
Seems like everything is setgid as it should be. I also chown'ed and
chgrp'd the files to the apache owner and group, but of course I had the
same result. bin/check_perms -f made all the files owned by "mail" again.
Just for fun, check the version I'm running...
[root at www mailman]# bin/version
Using Mailman version: 2.1.3
I'm still stuck. Anyone else have any ideas?
Simon White wrote:
>02-Nov-03 at 14:06, Doug Griswold (griswld at cio.sc.gov) wrote :
>>Your apache server is executing the cgi as root.
>I'm not sure there is full evidence for this, the message which implied
>it was running as root was from a command line test, not from Apache. I
>can't believe a large distro like Mandrake would let Apache run as root
>(unless, of course, it's been hand compiled and _specifically_
>configured to do so).
>>You have run ./configure --with-cgi-gid=apache but it needs to be
>>./cofigure --with-cgi-gid=root. But this is a bad idea better to
>>change how your webserver is running. It probably should be executing
>>the cgi as group is apache in httpd.conf there should be an entry si
>>iliar to this.
>Never let anything run as root if you can avoid it. To find out what
>Apache is running as, do:
>$ ps -aux | grep httpd
>root 19848 0.0 0.2 4624 72 ? S Sep26 0:00 /var/apache/bin/httpd
>nobody 19849 0.0 0.9 13616 276 ? S Sep26 19:37 [httpd]
>[... several more lines like the second one ...]
>Always one master process as root, but that one only serves as a
>listener to spawn children running as nobody... because you have to be
>root to listen to ports < 1024 in most circumstances.
>Here in the example my Apache server runs as nobody. The username for
>your Apache may be different. As Doug said, it will be in the httpd.conf
>Find out which user your Apache server is running as for sure, then
>recompile Mailman passing --with-cgi-gid=<userid which runs your apache>
>There may be other permissions issues, but this issue needs to be
>checked before others. As you said you've reinstalled several times,
>there could be junk lying around messing up an otherwise correct config
>that you've thought was wrong...
More information about the Mailman-Users