[Mailman-Users] Permissions on public archives (apache 403)
tmz at pobox.com
Fri May 26 20:03:40 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Michael Berkowski wrote:
>> What are the permissions on /var/lib/mailman? Are you running
>> SeLinux or any other 'extra' access controls?
> SELinux is running and /var/lib/mailman looks like:
> drwxrwsr-x 9 mailman mailman 4096 Apr 17 15:17 mailman
With SELinux, you also often want to see the security context. The -Z
option to ls does this. On my FC5 system, /var/lib/mailman has:
drwxrwsr-x root mailman system_u:object_r:mailman_data_t /var/lib/mailman/
And to check if SELinux is the reason you're getting errors, you need
to look in /var/log/messages (or /var/log/audit/audit.log if the audit
daemon is installed)
Of course, reading the avc denial messages is the kind of black voodoo
that makes Apache's mod_rewrite look like it was written for 5 year
When I'm in doubt, I turn off SELinux and try the action I was having
problems with. If it works you found you problem. From there you'd
have to modify the SELinux policy or file a bug to have that done.
I've only just started toying with it, so I'm a long way from knowing
how to modify policy properly. Anyway, you can use setenforce 0 to
turn off selinux temporarily if you want to check that.
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
Ever notice that even the busiest people are never too busy to tell
you just how busy they are?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
-----END PGP SIGNATURE-----
More information about the Mailman-Users