[Mailman-Users] Permission issues - was: Duplicate Subscription Confirmations
mark at msapiro.net
Fri Dec 12 21:24:20 CET 2008
James Weingarten wrote:
>I had a problem with permissions that prevented the Mailman GUI from
>successfully creating list. The GUI returned the following error:
>Bug in Mailman version 2.1.9
>We're sorry, we hit a bug!
>Please inform the webmaster for this site of this
>problem. Printing of traceback and other system information has been
>explicitly inhibited, but the webmaster can find this information in the
>Mailman error logs.
>and the error log shows:
>Dec 12 11:35:27 2008 (3669) command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1, Operation not permitted)
>Dec 12 11:35:27 2008 admin(3669): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>admin(3669): [----- Mailman Version: 2.1.9 -----]
>admin(3669): [----- Traceback ------]
>admin(3669): Traceback (most recent call last):
>admin(3669): File "/usr/lib/mailman/scripts/driver", line 101, in run_main
>admin(3669): File "/usr/lib/mailman/Mailman/Cgi/create.py", line 56, in main
>admin(3669): process_request(doc, cgidata)
>admin(3669): File "/usr/lib/mailman/Mailman/Cgi/create.py", line 238, in process_request
>admin(3669): sys.modules[modname].create(mlist, cgi=1)
>admin(3669): File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 232, in create
>admin(3669): File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 53, in _update_maps
>admin(3669): raise RuntimeError, msg % (acmd, status, errstr)
>admin(3669): RuntimeError: command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1, Operation not permitted)
>The problem was alleged to be caused by the fact that the web server process owner "apache" was calling this process. Apparently, this user did not have permissions to execute the command. After fiddling with ownerships and permissions, I was never able to resolve the problem and had to resort to command line "newlist" to create all lists. Do you have any idea what is causing this problem?
Yes, it is permissions. Actually, in the above case, the list was
created and its aliases were added to /etc/mailman/aliases and only
the execution of /usr/sbin/postalias to update the aliases.db file
I suspect since the aliases are in /etc/mailman, that this is a RedHat
package. I'm not 100% certain how to translate what I know into this
RedHat structure, but
1) All the files (wrappers) in /usr/lib/mailman/cgi-bin/ (in particular
for this, /usr/lib/mailman/cgi-bin/create) should be group 'mailman'
and SETGID. Typically they are like
-rwxr-sr-x 1 root mailman 15993 Jun 30 11:23 create
although the owner isn't important.
2) The files /etc/mailman/aliases and /etc/mailman/aliases.db need to
be group writable and group 'mailman'. E.g.
-rw-rw---- 1 root mailman 7193 Dec 3 13:08 aliases
-rw-rw---- 1 mailman mailman 12288 Dec 3 13:08 aliases.db
If that doesn't resolve the problem, it may be a SELinux issue.
>Also, (and this may be related), I am seeing the following error in the Mailman error log:
>Dec 11 15:51:24 2008 (2107) SHUNTING: 1229039483.4080291+18102d31f7e1d52f9d4ca593ddb48d23f9e7d00e
>Dec 11 15:51:24 2008 (2104) Archive file access failure:
> /var/lib/mailman/archives/private/listname.mbox/listname.mbox [Errno 13] Permission denied: '/var/lib/mailman/archives/private/listname.mbox/listname.mbox'
>Dec 11 15:51:24 2008 (2104) Uncaught runner exception: [Errno 13] Permission denied: '/var/lib/mailman/archives/private/listname.mbox/listname.mbox'
>Dec 11 15:51:24 2008 (2104) Traceback (most recent call last):
> File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 112, in _oneloop
> self._onefile(msg, msgdata)
> File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 170, in _onefile
> keepqueued = self._dispose(mlist, msg, msgdata)
> File "/usr/lib/mailman/Mailman/Queue/ArchRunner.py", line 73, in _dispose
> File "/usr/lib/mailman/Mailman/Archiver/Archiver.py", line 200, in ArchiveMail
> File "/usr/lib/mailman/Mailman/Archiver/Archiver.py", line 169, in __archive_to_mbox
> mbox = self.__archive_file(afn)
> File "/usr/lib/mailman/Mailman/Archiver/Archiver.py", line 157, in __archive_file
> return Mailbox.Mailbox(open(afn, 'a+'))
>IOError: [Errno 13] Permission denied: '/var/lib/mailman/archives/private/listname.mbox/listname.mbox'
>The "check_perms" command reports no problems. What should the owner be for the archive directories and files? What should the permissions be?
There are some known problems with check_perms and archives.
The directories /var/lib/mailman/, /var/lib/mailman/archives/ and all
subordinate directories except for /var/lib/mailman/archives/private/
itself and the /var/lib/mailman/archives/private/LISTNAME/database
directories should be
drwxrwsr-x 5 owner mailman
(owner doesn't matter)
/var/lib/mailman/archives/private/ should be either
drwxrws--x 5 owner mailman
drwxrws--- 5 apache mailman
assuming apache is the web server user.
The /var/lib/mailman/archives/private/LISTNAME/database directories
drwxrws--- 5 owner mailman
All the files should be group writable and group 'mailman' and except
for those in the /var/lib/mailman/archives/private/LISTNAME/database
directories, they should be world readable.
This is not related to the create error except in that they are both
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
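The ownership and mode rules listed in the reply above can be checked mechanically. The following is an added example, not part of the original post or of Mailman: the function names are hypothetical, the paths and the 'mailman' group are the ones named in the thread, and the owner of archives/private/ is not checked.

```python
import os
import stat

def check(path, gid, must_set, must_clear=0):
    """Return findings for one path; an empty list means it passes."""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    out = []
    if st.st_gid != gid:
        out.append("%s: gid %d, expected %d" % (path, st.st_gid, gid))
    if mode & must_set != must_set:
        out.append("%s: mode %04o lacks %04o" % (path, mode, must_set & ~mode))
    if mode & must_clear:
        out.append("%s: mode %04o has extra %04o" % (path, mode, mode & must_clear))
    return out

def audit_create_path(cgi_bin, etc_dir, gid):
    """CGI wrappers must be setgid (-rwxr-sr-x); alias files group read/write."""
    findings = []
    for name in sorted(os.listdir(cgi_bin)):
        findings += check(os.path.join(cgi_bin, name), gid, stat.S_ISGID | 0o010)
    for name in ("aliases", "aliases.db"):
        findings += check(os.path.join(etc_dir, name), gid, 0o060)
    return findings

def audit_archives(archives, gid):
    """Directories per the reply; files group writable, world readable outside database/."""
    private = os.path.join(archives, "private")
    findings = []
    for root, dirs, files in os.walk(archives):  # symlinked dirs are not entered
        parent, leaf = os.path.split(root)
        in_db = leaf == "database" and os.path.dirname(parent) == private
        if root == private:      # drwxrws--x or drwxrws---
            findings += check(root, gid, 0o2770, 0o006)
        elif in_db:              # drwxrws---
            findings += check(root, gid, 0o2770, 0o007)
        else:                    # drwxrwsr-x
            findings += check(root, gid, 0o2775, 0o002)
        for name in files:
            path = os.path.join(root, name)
            if not os.path.islink(path):
                findings += check(path, gid, 0o020 if in_db else 0o024)
    return findings

if __name__ == "__main__":
    import grp
    gid = grp.getgrnam("mailman").gr_gid
    report = audit_create_path("/usr/lib/mailman/cgi-bin", "/etc/mailman", gid)
    report += audit_archives("/var/lib/mailman/archives", gid)
    print("\n".join(report) or "no findings")
```

An empty report only covers the classic mode bits; it says nothing about SELinux, which the reply names as the next thing to look at.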