[Mailman-Users] Mailman vs. Apache - please help
Ben
ben at ahualoa.net
Wed Dec 21 07:40:40 CET 2005
Mark,
Thanks very much for tackling my issue.
> -----Original Message-----
> From: Mark Sapiro [mailto:msapiro at value.net]
> Sent: Tuesday, December 20, 2005 3:23 PM
>
> >"Mailman CGI error!!!
> >Group mismatch error. Mailman expected the CGI wrapper script to be
> >executed as group "mm", but the system's web server executed the CGI
> >script as group "Administrators".
> >
> >Does this really mean I have to force Apache to run as a user in the
> >"mm" group?
>
> No. You don't need (or want) suEXEC.
I'm very glad to hear it, because I suspect that suEXEC doesn't really
exist on Cygwin in any case.
> The above message
> indicates that you configured mailman with --with-cgi-gid=mm.
> This is not what you wanted to do as it requires you to have
> Apache run the cgi-bin wrappers as group 'mm'
I believe you, and I'll try it next with a 'mm' group, but it is a
little alarming, because that contradicts the Mailman documentation (GNU
Mailman - Installation Manual, section 2.1) which says:
"Mailman _requires_ a unique user and group name which will own
its files, and under which its processes will run. Mailman's basic
security is based on group ownership permissions, so it's important to
get this step right. Typically, you will add a new user and a new group,
both called mailman. The mailman user must be a member of the mailman
group."
It also contradicts the Whole Mailman FAQ
(http://www.python.org/cgi-bin/faqw-mm.py?req=all#5.2), which explicitly
walks you through creating the "mailman" user and the "mm" group, under
Cygwin no less.
> (which I think you could do with User and Group directives
> rather than suEXEC, but you don't want to anyway).
I looked all through the Apache documentation but didn't find any User
or Group directives. The relevant portion of the Apache site:
http://httpd.apache.org/docs/2.0/mod/mod_cgi.html
Has a link "Running CGI programs under different user IDs" which directs
you to a page on suEXEC. There is no other way, unless it is
undocumented.
> What you need is just what it says. Rerun configure with
> --with-cgi-gid=Administrators instead of --with-cgi-gid=mm
> (and the rest of the options the same as before) and then run
> 'make install'.
I will try it. If this proves to work, then there are some serious
changes needed to the Mailman documentation and FAQ.
Thanks,
Ben
More information about the Mailman-Users
mailing list