[Mailman-Users] IOError: [Errno 13] Permission denied on config.pck in Fedora 30

Mark Sapiro mark at msapiro.net
Thu Jul 25 14:00:20 EDT 2019 

On 7/25/19 7:50 AM, Robert Kudyba wrote:
> OK almost there. I can get into the admin however for each list, I am still
> getting permission errors.
> 
> Here are the current perms:
> ls -l /var/lib/mailman/lists/datastr
> total 32
> -rw-rw-rw- 1 mailman mailman 9250 Jul 23 14:15 config.pck> -rw-rw-rw- 1 mailman mailman 9250 Jul 23 09:00 config.pck.last
> -rw-rw-rw- 1 mailman mailman  130 Mar 31  2016 pending.pck
> -rw-rw-rw- 1 mailman mailman   20 Apr  1  2016 request.pck


The 'other' permissions above should not be needed.


> ls -ld /var/lib/mailman/lists/datastr
> drwxrwsr-x 2 mailman mailman 85 Jul 23 14:15 /var/lib/mailman/lists/datastr


If you make this directory o+w it will solve your problem, but that is
the wrong solution.


> So the below tmp file cannot write into the directory.
> 
> Jul 25 10:45:29 2019 (10878) Failed config.pck write, retaining old state.
> [Errno 13] Permission denied:
> '/var/lib/mailman/lists/datastr/config.pck.tmp.ourdomain.edu.10878'
> Jul 25 10:45:29 2019 admin(10878):
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> admin(10878): [----- Mailman Version: 2.1.29 -----]
> admin(10878): [----- Traceback ------]
> admin(10878): Traceback (most recent call last):
> admin(10878):   File "/usr/lib/mailman/scripts/driver", line 117, in
> run_main
> admin(10878):     main()
> admin(10878):   File "/usr/lib/mailman/Mailman/Cgi/admin.py", line 250, in
> main
> admin(10878):     mlist.Save()
> admin(10878):   File "/usr/lib/mailman/Mailman/MailList.py", line 613, in
> Save
> admin(10878):     self.__save(dict)
> admin(10878):   File "/usr/lib/mailman/Mailman/MailList.py", line 568, in
> __save
> admin(10878):     fp = open(fname_tmp, 'w')
> admin(10878): IOError: [Errno 13] Permission denied:
> '/var/lib/mailman/lists/datastr/config.pck.tmp.ourdomain.edu.10878'
...
> Isn't this similar to my other issue? I believe the user "apache" needs to
> write that tmp file?


All your issues point to the same thing. The SETGID bit on the
/usr/lib/mailman/cgi-bin/ wrappers is not being honored and the CGI
processes are not running as effective group 'mailman'.

To see the effective group that the CGIs run as, apply the attached
patch to /usr/lib/mailman/scripts/driver. This will print the effective
group of the process between the Traceback and the Python Information.
It should be 'mailman', but I think in your case it won't be.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
-------------- next part --------------
--- ../../2.1/scripts/driver	2018-04-13 09:24:59.491372477 -0700
+++ driver	2019-07-25 10:52:45.729379682 -0700
@@ -20,6 +20,7 @@
 # This better succeed.  If this fails, Python is royally screwed so we might
 # as well let the Web server give us a fatal and obtrusive error.
 import os
+import grp
 import sys
 
 # From here on we are as bulletproof as possible!
@@ -196,6 +197,8 @@
     except ImportError:
         os = None
 
+    # Write effective GROUP
+    print >> logfp, 'Process effective group =', grp.getgrgid(os.getegid())[0]
     # Write some information about our Python executable to the log file.
     print >> logfp, '[----- Python Information -----]'
     print >> logfp, 'sys.version     =', sys.version
@@ -207,6 +210,8 @@
 
     # Write the same information to the HTML sink.
     if not STEALTH_MODE:
+        print '<p>Process effective group =', grp.getgrgid(os.getegid())[0]
+        print '</p>'
         print '''\
 <p><hr><h4>Python information:</h4>

More information about the Mailman-Users mailing list