Re: [Mailman-Users] Error when accessing Mailman CGI web interface
-Original Message- From: John Dennis [mailto:[EMAIL PROTECTED] Sent: 20 December 2005 17:03 To: Mark Cave-Ayland Cc: 'Mark Sapiro'; mailman-users@python.org Subject: RE: [Mailman-Users] Error when accessing Mailman CGI web interface (cut) Then I don't think I can help :-( Your original post said the you built mailman with uid=gid=mailman and the wrapper seems to be executing correctly based on a subsequent post. All looks good from here. Here is the sequence that should be happening, see if you can find any reason why its not: apache invokes the cgi wrapper as the user 'apache', the cgi wrapper verifies it was called by apache, then the wrapper does a setgid to mailman and invokes the driver script, the driver script should be group mailman, so it should have no problems reading the driver script, but that is what is failing, go figure, seems like it should work. Hi John/Mark, Thank you both very much for you suggestions. I have finally managed to get mailman working on my FC3 box, after a lot of fiddling. What happened was that someone had already installed the mailman FC3 RPM on the box in question, and so I did an rpm -e to remove the old installation before installing the .tar.gz file. This left the mailman user in /etc/passwd, /etc/group and /etc/shadow and so I decided to make use of this existing user to run the new mailman install. However it seems that this was the cause of the problem. So I simply deleted and recreated the mailman user with a new uid/gid, and now everything works as expected. Many thanks, Mark. WebBased Ltd 17 Research Way Plymouth PL6 8BT T: +44 (0)1752 797131 F: +44 (0)1752 791023 http://www.webbased.co.uk http://www.infomapper.com http://www.swtc.co.uk This email and any attachments are confidential to the intended recipient and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender. You should not copy it or use it for any purpose nor disclose or distribute its contents to any other person. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Error when accessing Mailman CGI web interface
Hi everyone, I'm trying to install a fresh copy of mailman 2.1.6 on a FC3 machine with SELinux disabled, and running into a problem trying to access the web interface. My configure statement looks like this: ./configure \ --prefix=/home/mailman/domains/chuckie.co.uk \ --with-username=mailman \ --with-groupname=mailman \ --with-cgi-gid=apache I then do a make install followed by bin/check_perms -f as noted in the manual. However when I try and access the administration URL at http://server/mailman/admin then I get the following error in the Apache error log: [Tue Dec 20 14:23:00 2005] [error] [client 213.152.63.90] /usr/bin/python: can't open file '/home/mailman/domains/chuckie.co.uk/scripts/driver' [Tue Dec 20 14:23:00 2005] [error] [client 213.152.63.90] Premature end of script headers: admin What is strange is that I also get the same error if do this: su - apache cd ~/domains/chuckie.co.uk/cgi-bin admin But the following appears to work as expected, outputting a CGI error: su - apache /usr/bin/python /home/mailman/domains/chuckie.co.uk/scripts/driver Any help would be greatly appreciated. Many thanks, Mark. WebBased Ltd 17 Research Way Plymouth PL6 8BT T: +44 (0)1752 797131 F: +44 (0)1752 791023 http://www.webbased.co.uk http://www.infomapper.com http://www.swtc.co.uk This email and any attachments are confidential to the intended recipient and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender. You should not copy it or use it for any purpose nor disclose or distribute its contents to any other person. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Error when accessing Mailman CGI web interface
Mark Cave-Ayland wrote: However when I try and access the administration URL at http://server/mailman/admin then I get the following error in the Apache error log: [Tue Dec 20 14:23:00 2005] [error] [client 213.152.63.90] /usr/bin/python: can't open file '/home/mailman/domains/chuckie.co.uk/scripts/driver' [Tue Dec 20 14:23:00 2005] [error] [client 213.152.63.90] Premature end of script headers: admin What is strange is that I also get the same error if do this: su - apache cd ~/domains/chuckie.co.uk/cgi-bin admin But the following appears to work as expected, outputting a CGI error: su - apache /usr/bin/python /home/mailman/domains/chuckie.co.uk/scripts/driver What happens if you do the above with su - mailman instead of apache. At this point, the wrapper is invoking the driver as group mailman because it is SETGID. Are you sure SELinux is disabled? -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Error when accessing Mailman CGI web interface
-Original Message- From: Mark Sapiro [mailto:[EMAIL PROTECTED] Sent: 20 December 2005 16:08 To: Mark Cave-Ayland; mailman-users@python.org Subject: Re: [Mailman-Users] Error when accessing Mailman CGI web interface (cut) What happens if you do the above with su - mailman instead of apache. At this point, the wrapper is invoking the driver as group mailman because it is SETGID. Are you sure SELinux is disabled? Hi Mark, The su - mailman version works without any problems, e.g. su - mailman cd ~/domains/chuckie.co.uk/cgi-bin ./admin Content-type: text/html head titleMailman CGI error!!!/title /headbody h1Mailman CGI error!!!/h1 The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: pre Group mismatch error. Mailman expected the CGI wrapper script to be executed as group apache, but the system's web server executed the CGI script as group mailman. Try tweaking the web server to run the script as group apache, or re-run configure, providing the command line option `--with-cgi-gid=mailman'./pre According to /etc/selinux/config: SELINUX=disabled SELINUXTYPE=targeted Looking at the mailman source, I guess that somehow the execve() call is failing but I'm not sure exactly where to start digging... Many thanks, Mark. WebBased Ltd 17 Research Way Plymouth PL6 8BT T: +44 (0)1752 797131 F: +44 (0)1752 791023 http://www.webbased.co.uk http://www.infomapper.com http://www.swtc.co.uk This email and any attachments are confidential to the intended recipient and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender. You should not copy it or use it for any purpose nor disclose or distribute its contents to any other person. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Error when accessing Mailman CGI web interface
what does ls -l /home/mailman/domains/chuckie.co.uk/scripts/driver say? what does /usr/sbin/getenforce say? -- John Dennis [EMAIL PROTECTED] -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Error when accessing Mailman CGI web interface
Mark Cave-Ayland wrote: The su - mailman version works without any problems, e.g. su - mailman cd ~/domains/chuckie.co.uk/cgi-bin ./admin I meant try su - mailman /usr/bin/python /home/mailman/domains/chuckie.co.uk/scripts/driver (or perhaps) /usr/bin/python /home/mailman/domains/chuckie.co.uk/scripts/driver admin -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Error when accessing Mailman CGI web interface
-Original Message- From: John Dennis [mailto:[EMAIL PROTECTED] Sent: 20 December 2005 16:32 To: Mark Cave-Ayland Cc: 'Mark Sapiro'; mailman-users@python.org Subject: Re: [Mailman-Users] Error when accessing Mailman CGI web interface what does ls -l /home/mailman/domains/chuckie.co.uk/scripts/driver say? what does /usr/sbin/getenforce say? Hi John, Thanks for your help. This is what I get from the two commands above: $ ls -l /home/mailman/domains/chuckie.co.uk/scripts/driver -rw-r--r-- 1 mailman mailman 9736 Dec 20 14:20 /home/mailman/domains/chuckie.co.uk/scripts/driver $ /usr/sbin/getenforce Disabled Many thanks, Mark. WebBased Ltd 17 Research Way Plymouth PL6 8BT T: +44 (0)1752 797131 F: +44 (0)1752 791023 http://www.webbased.co.uk http://www.infomapper.com http://www.swtc.co.uk This email and any attachments are confidential to the intended recipient and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender. You should not copy it or use it for any purpose nor disclose or distribute its contents to any other person. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Error when accessing Mailman CGI web interface
-Original Message- From: Mark Sapiro [mailto:[EMAIL PROTECTED] Sent: 20 December 2005 16:38 To: Mark Cave-Ayland; mailman-users@python.org Subject: RE: [Mailman-Users] Error when accessing Mailman CGI web interface (cut) I meant try su - mailman /usr/bin/python /home/mailman/domains/chuckie.co.uk/scripts/driver (or perhaps) /usr/bin/python /home/mailman/domains/chuckie.co.uk/scripts/driver admin Hi Mark, Sorry for the misunderstanding. Both of the /usr/bin/python ... lines above work without any problems, using either the mailman user or the apache user. Many thanks, Mark. WebBased Ltd 17 Research Way Plymouth PL6 8BT T: +44 (0)1752 797131 F: +44 (0)1752 791023 http://www.webbased.co.uk http://www.infomapper.com http://www.swtc.co.uk This email and any attachments are confidential to the intended recipient and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender. You should not copy it or use it for any purpose nor disclose or distribute its contents to any other person. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Error when accessing Mailman CGI web interface
On Tue, 2005-12-20 at 16:42 +, Mark Cave-Ayland wrote: Thanks for your help. This is what I get from the two commands above: $ ls -l /home/mailman/domains/chuckie.co.uk/scripts/driver -rw-r--r-- 1 mailman mailman 9736 Dec 20 14:20 /home/mailman/domains/chuckie.co.uk/scripts/driver $ /usr/sbin/getenforce Disabled Then I don't think I can help :-( Your original post said the you built mailman with uid=gid=mailman and the wrapper seems to be executing correctly based on a subsequent post. All looks good from here. Here is the sequence that should be happening, see if you can find any reason why its not: apache invokes the cgi wrapper as the user 'apache', the cgi wrapper verifies it was called by apache, then the wrapper does a setgid to mailman and invokes the driver script, the driver script should be group mailman, so it should have no problems reading the driver script, but that is what is failing, go figure, seems like it should work. -- John Dennis [EMAIL PROTECTED] -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Error when accessing Mailman CGI web interface
Mark Cave-Ayland wrote: Sorry for the misunderstanding. Both of the /usr/bin/python ... lines above work without any problems, using either the mailman user or the apache user. I know you said you rean check_perms, but verify that all the scripts in cgi-bin/ are SETGID and group mailman. BTW, does the listinfo page work? -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
