Jim Tittsler wrote:
Are you trying to use Apache's suEXEC feature? It conflicts with the normal Mailman installation. You will need to make sure the cgi-bin directory is not group writable. (Once over that hurdle, you will probably then have to make sure that the files in cgi-bin don't have the SGID bit set, and are owned by the correct user/group so that suEXEC can set the group for the scripts.)
Well, I'll be *&!?**!!, this (almost) got it working; thanks. It turned out to be a litle more complicated...
Problem 1: my 'ISP', for want of a better word, enables suEXEC on Apache, and I obviously can't change that (aside: doesn't everyone run Apache/suEXEC? If not, why? And surely most mailman users are in the same situation that I'm in - I don't have a real internet connection, and I rely on someone else's virtual server, on which I don't get a root password?)
After following both your instructions, I got a web page, but with this error:
Group mismatch error. Mailman expected the CGI
wrapper script to be executed as group "web", but
the system's web server executed the CGI script as
group "mailman". Try tweaking the web server to run the
script as group "web", or re-run configure, providing the command line option `--with-cgi-gid=mailman'.
Ok, I had configured with '--with-cgi-gid=web', as per INSTALL (Apache runs as 'web'). So Apache suEXEC'ed the scripts as 'mailman', so defeating the configuration option. As a fix/hack, I changed the owner/group of everything in cgi-bin to web/web, to prevent Apache suEXEC'ing. This got me further; as far as problem 2, in fact.
Problem 2: Apache now runs the scripts as 'web', which is what mailman expects, but I now get another problem: mailman claims to hit an internal bug. At the end of the traceback I get:
IOError: [Errno 13] Permission denied: '/usr/local/home/mailman/mailman-2.1.5/logs/error'
Ok, mailman is running as web and wants to write into a directory owned by mailman, and can't. So I run
/usr/sbin/usermod -G admin, mailman web
And everything springs into life; I can now get listinfo and admin pages, complete with logos.
But *none* of this is in the installation instructions, unless I've missed something. And, this isn't my day job, and I'm worried that this isn't secure. Is it a good idea to run mailman's scripts with Apache's permissions?
How does everyone else manage to install this? Would someone mind updating INSTALL?
Thanks -
RT
------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
