[Mailman-Users] Internal Server Error

Mark Sapiro mark at msapiro.net
Tue Nov 10 23:18:58 CET 2009

Carl Parsons wrote:
>I rebuilt suexec so docroot is
>-bash-3.2# suexec -V
> -D AP_DOC_ROOT="/home"
> -D AP_GID_MIN=100
> -D AP_HTTPD_USER="apache"
> -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
> -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
> -D AP_UID_MIN=500
> -D AP_USERDIR_SUFFIX="public_html"
>created a directory /home/mailman to put the cgi-bin files copying from 
>/usr/lib/mailman/cgi-bin to

You didn't have to do that.

See my reply at
The important part of that reply is

>First a big caveat. Mailman's security model is not compatible with
>suexec. You can make it work if you only host a single domain, but
>beyond that, it's a pain or impossible. Maybe your recompilation will
>help. I don't know.

>[2009-10-21 10:32:43]: uid: (505/mysite.com) gid: (505/mysite) cmd: listinfo
>[2009-10-21 10:32:43]: target uid/gid (505/505) mismatch with directory 
>(0/41) or program (0/41)
>When http is at mysite.com it executes as user mysite.

Apache is trying to run the wrapper as suExec uid and gid
uid: (505/mysite.com) gid: (505/mysite)

Your wrappers and the directory containing them are owned by root and
group 41 whatever that is. This is a violation of items 14 and 16 at

Note that the wrapper also can't be SETGID (to any group), so
everything will run as user/group 505/505 which in turn means that all
mailman code must be readable by that user/group and all existing an
future mutable data must be writable by that user/group.

For practical purposes this means that Mailman must be
configured/installed with GID 505.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list