[Mailman-Users] chroot, OpenBSD, Apache, and Mailman
dnewman at networktest.com
Sat Apr 19 22:10:29 CEST 2008
Mark Sapiro wrote:
>> I suspect a permissions problem. Mailman would not serve up pages when
>> all files were owned by group mailman, so I did 'chgrp -R www
>> /var/www/mailman'. But after trying to create a list, the
>> aliases file is mode 660, owned by root:www.
> This is probably a mistake. Mailman relies on everything being group
> Mailman and the CGI and mail wrappers being group Mailman and SETGID
> so everything runs as group Mailman. If the chroot jail doesn't allow
> SETGID to work, then I'm not sure what you'd need to do, but whatever
> user:group structure you have, both the web server and the MTA have to
> be able to write various Mailman files.
Yes, that's the key issue. The OpenBSD chroot won't SETGID in part
because it mounts the /var partition nosuid, which forbids SETGID. In
theory it's possible to disable this, and get the python and other
binaries and libraries into the chroot environment, but at that point
there's really no benefit to running chroot'ed.
The much easier (if somewhat less secure) solution is to run Apache
without chroot. Just set 'httpd_flags=-u' in /etc/rc.conf.
After restarting Apache, Mailman installed clean with the default
thanks very much
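
An added example, not part of the original message or of Mailman: a shell check for the failure mode discussed in this thread, where a wrapper carries the setgid bit but sits on a filesystem mounted nosuid, so the bit is ignored. The sample mount table and the wrapper path under /var/www/mailman are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `mount` output format: "dev on /mnt type fs (opts)".
SAMPLE_MOUNTS='/dev/wd0a on / type ffs (local)
/dev/wd0e on /var type ffs (local, nodev, nosuid)
/dev/wd0d on /usr type ffs (local, nodev)'
WRAPPER=/var/www/mailman/cgi-bin/listinfo   # assumed path, for illustration

# Print the mount options of the filesystem holding path $1.
# Reads `mount` output on stdin and picks the deepest matching mount point.
mount_opts_for() {
    awk -v p="$1" '
        $2 == "on" && $4 == "type" {
            mp = $3
            # mount point must be the path itself or a parent directory
            if (mp != "/" && p != mp && index(p, mp "/") != 1) next
            if (length(mp) < length(best)) next   # keep the deepest match
            best = mp
            opts = $0
            sub(/^[^(]*\(/, "", opts); sub(/\).*$/, "", opts)
            gsub(/ /, "", opts)
        }
        END { print opts }'
}

# Exit 0 when the filesystem holding $1 is mounted nosuid, meaning
# set-user-ID and set-group-ID bits on files there have no effect.
setgid_ignored() {
    case ",$(mount_opts_for "$1")," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on wrapper $1 (mount output on stdin): it needs the setgid bit
# and a filesystem that honours that bit.
check_wrapper() {
    [ -g "$1" ] || { echo "$1: setgid bit not set"; return 1; }
    if setgid_ignored "$1"; then
        echo "$1: setgid bit set, but its filesystem is mounted nosuid"
        return 1
    fi
    echo "$1: setgid bit set and honoured"
}

# Demo on the constructed table: /var is nosuid, so the bit would be ignored.
printf '%s\n' "$SAMPLE_MOUNTS" | setgid_ignored "$WRAPPER" &&
    echo "$WRAPPER: on a nosuid filesystem"
```

On a live system, pipe the real table in instead of the sample, for example `mount | check_wrapper` followed by the path of the wrapper to check.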