[Mailman-Users] confusing permission errors, help please
Hugh Esco
he at reclaimedcomputers.ca
Tue Dec 20 21:33:18 CET 2005
Mr. Sapiro:
Thank you sir, for your help.
Yes, I ran check_perms with and without -f as root until I got good results.
I've now added the following stanza to my vhost.conf file:
<Directory /u/m/mumble/mailman/cgi-bin/>
Options ExecCGI
SetHandler cgi-script
</Directory>
I don't know what would have undone that. That stanza is not needed apparently in the other vhost I have. Perhaps, since this is a third level domain, I ought to check the conf file for its second level configuration.
I had started setting up mailman (and a couple of other applications) in my apache config file, before the third level was delegates to me. I commented all of those out and still get the same errors in the browser:
Forbidden
You don't have permission to access /mailman/listinfo on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
The apache error log for mumble still says:
[Tue Dec 20 13:29:44 2005] [error] [client nnn.nnn.nnn.nnn]
(13)Permission denied: access to /mailman/listinfo denied
Your answer about using a single user for every instance of mailman didn't indicate if I was actually going overboard by creating instance specific users for each installation. I have paired up user1 with mumble1, user2 with mumble2, etc., as an added security barrier and to protect users and their archives from one another. Will it run this way? Is that necessary?
If I use a single source directory, yet install in multiple installation directories, each serving its own vhost, can two instances share a listname so I can have dx at mumble1.example.com and another at dx at mumble2.example.com?
-- Hugh
On Tue, 20 Dec 2005 08:31:47 -0800
Mark Sapiro <msapiro at value.net> wrote:
> Hugh Esco wrote:
>
> >I might need to do several instances of mailman before the new year, sailed right through my first install, but got stuck on the second one. I'm seeking advice on how to build this. Apparently I will need a distinct instance for each virtual host of the $prefix heirarchy. I'm wondering though if I can have only a single copy of the installation directory which is created from unpacking the tar ball.
>
>
> I'm not sure what you're saying. Yes, you can unpack the tarball only
> once into one source directory, but then for each mailman instance
> you'll have to run configure in that directory with completely
> separate --prefix (and --exec-prefix and --with-var-prefix if used)
> values followed by "make install: for that instance.
>
>
> >Also, I'm creating a unique vhost specific user for each instance of mailman. Is this overkill? Can a single mailman user support multiple vhosts?
>
>
> Yes. One mailman instance can support multiple vhosts. The restriction
> is that since a single mailman instance has only one 'namespace' for
> listnames, you can't have the same list name on two different vhosts
> supported by the same mailman instance.
>
> See
> <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.047.htp>
>
>
> >At any rate, to the error at hand:
> >
> >At: http://mumble.example.ca/mailman/listinfo
> >Browser reports error as:
> >Forbidden
> >
> >You don't have permission to access /mailman/listinfo on this server.
> >
> >Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
> >
> >/var/log/apache/mumble-error.log says:
> >[Mon Dec 19 22:43:27 2005] [error] [client nn.nnn.nn.nnn] (13)Permission denied: access to /mailman/listinfo denied
> >
> >permissions on directory and file are:
> >
> >drwxrwsr-x 2 mumble mumble 320 Dec 19 18:38 cgi-bin
> >-rwxr-sr-x 1 mumble mumble 36637 Dec 19 18:38 cgi-bin/listinfo
> >
> >apache configuration (which works based on function of other aliases) includes:
> > ScriptAlias /mailman/ /u/m/mumble/mailman/cgi-bin/
> >
> >OK. I'm stumped.
>
>
> Have you run /u/m/mumble/mailman/bin/check_perms?
>
>
> >I would think that perhaps adding the apache user to the mumble group might do it, but /etc/group shows that the instance of mailman I put up two days ago (another virtual host on the same gentoo server), which works, did not require that intervention. And I see that the permissions are 02755 on the script, so apache ought to be able to execute the script regardless.
> >
>
>
> I agree.
>
> Do you perhaps have something in your Apache config that directly or
> indirectly removed the ExecCGI option from the
> /u/m/mumble/mailman/cgi-bin/ directory?
>
> --
> Mark Sapiro <msapiro at value.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
--
RCK Computer Services
http://reclaimedcomputers.ca/
More information about the Mailman-Users
mailing list