[Mailman-Users] permission error on email create

John Dennis jdennis at redhat.com
Sat Feb 19 16:50:49 CET 2005


> I am trying to create a list, but I am running into permission problems:
>
> admin(8194):     os.mkdir(self.archive_dir()+'.mbox', 02775)
> admin(8194): OSError: [Errno 13] Permission denied:
> '/usr/local/mailman/archives /private/49ers.mbox'
>
> I ran the check_perms script and it did not find any errors.
>
> What are the permissions supposed to be for this? What needs to be done
> to get this to create the directories itself?

If you are running FC3 or RHEL4 there is a known bug in the SELinux security
policy. These OSes introduced SELinux, a much more secure protection
mechanism that goes far beyond traditional UNIX permissions. It monitors
everything and decides based on rules if an operation is to be permitted.
These rules are called the security policy. In FC3 and RHEL4 SELinux was
enabled by default for a targeted set of system services, especially
services connected via the network. Mailman was one of the services that
was put under the control of SELinux, along with apache, the MTAs, etc.

If an operation violates the security policy it appears to a traditional
application as a permissions problem, but the traditional permissions may
be just fine. When this happens it's logged in /var/log/messages with a line
containing something like "avc access denied".

There is a known bug in the SELinux policy for FC3 (RHEL4?) that trips up
mailman's ability to create a new list from the web interface. This is not
a mailman bug. Running check_perms -f will not fix this because the
permissions are fine; it's the security policy.

The bug has been fixed in selinux-policy-targeted-1.17.30-2.80. If you
upgrade to this version or later of the selinux-policy-targeted the
problem should go away. Or you can disable SELinux by running the
system-config-securitylevel applet.

--
John Dennis <jdennis at redhat.com>
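
The triage step described in the reply above, as an added example that is not part of the original post: a small parser that pulls SELinux AVC denials out of syslog text and groups them by source type, target type, object class and permission, so a policy denial can be told apart from an ordinary file-permission error. It assumes the kernel's `avc:  denied  { ... } for ...` message layout; the log lines and the type names in them (`mailman_cgi_t`, `mailman_archive_t`, `httpd_t`, `etc_t`) are constructed sample values.

```python
import re
from collections import Counter

# Constructed sample of /var/log/messages content (not taken from the post).
# Type names, PIDs, hosts and timestamps are illustrative values only.
SAMPLE_LOG = """\
Feb 19 16:40:01 host kernel: audit(1108827601.100:0): avc:  denied  { create } for  pid=8194 exe=/usr/bin/python name=49ers.mbox scontext=root:system_r:mailman_cgi_t tcontext=root:object_r:mailman_archive_t tclass=dir
Feb 19 16:40:02 host sshd[812]: Accepted password for admin from 192.0.2.10 port 4022
Feb 19 16:41:10 host kernel: audit(1108827670.200:0): avc:  denied  { create } for  pid=8201 exe=/usr/bin/python name=test.mbox scontext=root:system_r:mailman_cgi_t tcontext=root:object_r:mailman_archive_t tclass=dir
Feb 19 16:42:00 host kernel: audit(1108827720.300:0): avc:  denied  { read write } for  pid=900 exe=/usr/sbin/httpd name=cfg scontext=root:system_r:httpd_t tcontext=root:object_r:etc_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    return rec

def ctx_type(ctx):
    """A security context is user:role:type[:level]; policy rules name the type."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx

def summarize(log_text, domain_substr=None):
    """Count denials by (source type, target type, class, permissions)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        stype = ctx_type(rec.get("scontext", "?"))
        ttype = ctx_type(rec.get("tcontext", "?"))
        if domain_substr and domain_substr not in stype:
            continue
        counts[(stype, ttype, rec.get("tclass", "?"), " ".join(rec["perms"]))] += 1
    return counts

if __name__ == "__main__":
    for (stype, ttype, tclass, perms), n in summarize(SAMPLE_LOG, "mailman").items():
        print(f"{n}x {stype} -> {ttype} ({tclass}): {perms}")
```

A non-empty result for the failing service at the time of the error points at the security policy rather than at file modes or ownership.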



