[Mailman-Users] Site password not functioning
Good morning, While dealing with a flood of returned mails generated by the monthly password reminders sent out today, I noticed that my site admin password no longer functions correctly. Mailman accepts the password, and I can make changes to records, but if I attempt, for instance, to view a user record and choose the 'List my other subscriptions' button, I get the The list administrator may not view the other subscriptions for this user. error. I know this worked previously, but I don't know what changed. So far I have changed the site password using mmsitepass, run check_perms -f until there are no permissions errors, and restarted mailman, none of which changed the behavior. This is Mailman 2.1.13 running on Mac OS X server 10.5.8 Any suggestions will be greatly appreciated. -Rob -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Site password not functioning
On Thu, 1 Apr 2010, Rob wrote: Good morning, While dealing with a flood of returned mails generated by the monthly password reminders sent out today, I noticed that my site admin password no longer functions correctly. Mailman accepts the password, and I can make changes to records, but if I attempt, for instance, to view a user record and choose the 'List my other subscriptions' button, I get the The list administrator may not view the other subscriptions for this user. error. I know this worked previously, but I don't know what changed. ... This is Mailman 2.1.13 running on Mac OS X server 10.5.8 Did you install from sources or are you running the version Apple provides with OS X Server? If the latter, what probably changed is Apple updating you to 2.1.13 in the Security Update that came out last week (I'm assuming you must have installed that already). The Release Notes for the update say it upgraded Mailman. Apple's idea of security vulnerabilities can sometimes be considered as being the way you want to use a product is not the way they think you should be using it. Like every Security Update on OS X Client reconfiguring Postfix so that it does not listen to the outside world. Their idea is you don't run a full-blown mail server on Client so listening to the outside world is a vulnerability while for those of who do want the full-blown server, it's a feature. :-( (make note to self, make backup copies of the Postfix config files before installing the update this weekend). -- Larry Stone lston...@stonejongleux.com -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Site password not functioning
On Thu, Apr 01, 2010 at 10:54:30AM -0500, Larry Stone wrote: make backup copies of the Postfix config files before installing the update this weekend). My configs are in subversion (migrated from RCS). Very useful for undoing those 'helpful' changes installers like to make. More hip kids might use git, or another (d)VCS. -- ``The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.'' (George Bernard Shaw) -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Site password not functioning
Rob wrote: While dealing with a flood of returned mails generated by the monthly password reminders sent out today, I noticed that my site admin password no longer functions correctly. Mailman accepts the password, and I can make changes to records, but if I attempt, for instance, to view a user record and choose the 'List my other subscriptions' button, I get the The list administrator may not view the other subscriptions for this user. error. I know this worked previously, but I don't know what changed. So far I have changed the site password using mmsitepass, run check_perms -f until there are no permissions errors, and restarted mailman, none of which changed the behavior. This is Mailman 2.1.13 running on Mac OS X server 10.5.8 If you just upgraded Mailman, this was changed in 2.1.7. If that is not the explaination, it is probably that you don't have ALLOW_SITE_ADMIN_COOKIES = Yes in mm_cfg.py. Be sure and read the documentation in Defaults.py before changing this. Also, if you have upgraded, see the FAQ at http://wiki.list.org/x/aICB. And finally, the bounced reminder should list all the user's subscriptions. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Site password not functioning
On Apr 1, 2010, at 12:23 PM, Mark Sapiro wrote: Rob wrote: While dealing with a flood of returned mails generated by the monthly password reminders sent out today, I noticed that my site admin password no longer functions correctly. Mailman accepts the password, and I can make changes to records, but if I attempt, for instance, to view a user record and choose the 'List my other subscriptions' button, I get the The list administrator may not view the other subscriptions for this user. error. I know this worked previously, but I don't know what changed. So far I have changed the site password using mmsitepass, run check_perms -f until there are no permissions errors, and restarted mailman, none of which changed the behavior. This is Mailman 2.1.13 running on Mac OS X server 10.5.8 If you just upgraded Mailman, this was changed in 2.1.7. If that is not the explaination, it is probably that you don't have ALLOW_SITE_ADMIN_COOKIES = Yes in mm_cfg.py. Be sure and read the documentation in Defaults.py before changing this. Also, if you have upgraded, see the FAQ at http://wiki.list.org/x/aICB. And finally, the bounced reminder should list all the user's subscriptions. Thanks. I have not recently upgraded or changed Mailman, though there was a recent Apple security update, and I'm not sure if it could have included a Mailman upgrade within it. The apparently huge number of expired addresses which bounced to the -owner address today suggests (based on my understanding of the wiki article you referenced) that there must have been an upgrade included. I added ALLOW_SITE_ADMIN_COOKIES = Yes to mm_cfg.py and restarted mailman, but the behavior persists, or else I am not understanding the new behavior of the site admin password. Essentially I use the site admin password to quickly traverse multiple list config options without having to enter the list password for each list, delete users from multiple lists, or change their passwords for them. And, yes, the bounced reminder did list all of the user's subscriptions. Thanks for your help. -Rob -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Site password not functioning
Rob wrote: Thanks. I have not recently upgraded or changed Mailman, though there was a recent Apple security update, and I'm not sure if it could have included a Mailman upgrade within it. The apparently huge number of expired addresses which bounced to the -owner address today suggests (based on my understanding of the wiki article you referenced) that there must have been an upgrade included. According to the reply at http://mail.python.org/pipermail/mailman-users/2010-April/069199.html, there was. I added ALLOW_SITE_ADMIN_COOKIES = Yes to mm_cfg.py and restarted mailman, but the behavior persists, or else I am not understanding the new behavior of the site admin password. Essentially I use the site admin password to quickly traverse multiple list config options without having to enter the list password for each list, delete users from multiple lists, or change their passwords for them. Did you stop and restart your browser or clear the relevant cookies from the browser? (an admin logout should suffice). If ALLOW_SITE_ADMIN_COOKIES = No (the default), when you authenticate with the site password, you get a cookie that says you are authenticated as the list admin, not as the site admin. Thus, you can't do global actions on the user options page and you can't go to another list's admin pages without logging in there. If ALLOW_SITE_ADMIN_COOKIES = Yes and you are authenticated as the site admin and you still can't list a users other subscriptions, I think this must be an Apple specific feature/bug. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Site password not functioning
Mark, Thanks, I get Mailman posts as a digest so I hadn't yet received the other reply. I tried quitting the browser and restarting several times, and also deleted cookies manually, but the problem persists. I will do some more digging and let you know what I come up with. Thanks again. -Rob McLear On Apr 1, 2010, at 4:20 PM, Mark Sapiro wrote: Rob wrote: Thanks. I have not recently upgraded or changed Mailman, though there was a recent Apple security update, and I'm not sure if it could have included a Mailman upgrade within it. The apparently huge number of expired addresses which bounced to the -owner address today suggests (based on my understanding of the wiki article you referenced) that there must have been an upgrade included. According to the reply at http://mail.python.org/pipermail/mailman-users/2010-April/069199.html, there was. I added ALLOW_SITE_ADMIN_COOKIES = Yes to mm_cfg.py and restarted mailman, but the behavior persists, or else I am not understanding the new behavior of the site admin password. Essentially I use the site admin password to quickly traverse multiple list config options without having to enter the list password for each list, delete users from multiple lists, or change their passwords for them. Did you stop and restart your browser or clear the relevant cookies from the browser? (an admin logout should suffice). If ALLOW_SITE_ADMIN_COOKIES = No (the default), when you authenticate with the site password, you get a cookie that says you are authenticated as the list admin, not as the site admin. Thus, you can't do global actions on the user options page and you can't go to another list's admin pages without logging in there. If ALLOW_SITE_ADMIN_COOKIES = Yes and you are authenticated as the site admin and you still can't list a users other subscriptions, I think this must be an Apple specific feature/bug. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Site password not functioning
Rob wrote: I tried quitting the browser and restarting several times, and also deleted cookies manually, but the problem persists. I will do some more digging and let you know what I come up with. Key question #1 is are the cookies named 'listname-admin' or 'site'? -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Site password not functioning
On Apr 1, 2010, at 6:51 PM, Mark Sapiro wrote: Rob wrote: I tried quitting the browser and restarting several times, and also deleted cookies manually, but the problem persists. I will do some more digging and let you know what I come up with. Key question #1 is are the cookies named 'listname-admin' or 'site'? -- They are named listname+admin Is there any way to determine whether my mailman installation is reading the lines from my mm_cfg.py correctly? -Rob -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Site password not functioning
Rob wrote: On Apr 1, 2010, at 6:51 PM, Mark Sapiro wrote: Rob wrote: I tried quitting the browser and restarting several times, and also deleted cookies manually, but the problem persists. I will do some more digging and let you know what I come up with. Key question #1 is are the cookies named 'listname-admin' or 'site'? -- They are named listname+admin Is there any way to determine whether my mailman installation is reading the lines from my mm_cfg.py correctly? Here's one way. [m...@sbh16 ~]$ /path/to/bin/withlist -i No list name supplied. Python 2.4.3 (#1, Sep 3 2009, 15:37:12) [GCC 4.1.2 20080704 (Red Hat 4.1.2-46)] on linux2 Type help, copyright, credits or license for more information. (InteractiveConsole) from Mailman import mm_cfg mm_cfg.ALLOW_SITE_ADMIN_COOKIES False [m...@sbh16 ~]$ You type the command with the correct path to Mailman's bin/withlist. Then you type the two lines after the '' prompts. In your case, the response should be True or 1. At the third prompt, type control-D. Another clue is whether the timestamp on mm_cfg.pyc is more recent than that on mm_cfg.py, although this isn't always definitive due to possible permission issues. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Site password not functioning
They are named listname+admin Is there any way to determine whether my mailman installation is reading the lines from my mm_cfg.py correctly? Here's one way. [m...@sbh16 ~]$ /path/to/bin/withlist -i No list name supplied. Python 2.4.3 (#1, Sep 3 2009, 15:37:12) [GCC 4.1.2 20080704 (Red Hat 4.1.2-46)] on linux2 Type help, copyright, credits or license for more information. (InteractiveConsole) from Mailman import mm_cfg mm_cfg.ALLOW_SITE_ADMIN_COOKIES False [m...@sbh16 ~]$ You type the command with the correct path to Mailman's bin/withlist. Then you type the two lines after the '' prompts. In your case, the response should be True or 1. At the third prompt, type control-D. Another clue is whether the timestamp on mm_cfg.pyc is more recent than that on mm_cfg.py, although this isn't always definitive due to possible permission issues. From the withlist command I got a False response. I checked the timestamps as you suggested and found that mm_cfg.pyc had a timestamp from yesterday, likely when I ran the update. However, mm_cfg.py was last changed in 2008, which I know is incorrect since I edited it today. So, locate mm_cfg.py and sure enough there are two separate mailman folders; /usr/share/mailman and /usr/local/mailman . Yes indeed, I had edited the wrong file. Don't know where the duplicate came from, I think this server was upgraded from OS X Server 10.3, perhaps there was an old installation. Long story short, edited the correct copy of mm_cfg.py and restarted, all works well again. Thanks so much for your help. -Rob -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
