On 11/15/2011 5:43 PM, Mark Sapiro wrote:
Chris Petrik wrote:
Now when I try to go to the admin section of the webui for the mailing I
get the bug page. Which is easily fixed by changing the owner from
mailman to www.

I tried adding mailman to group www but that doesn't seem to work.

It should work. See the FAQ at <http://wiki.list.org/x/tYA9> for more
on this, but basically, Mailman's directories are group mailman and
SETGID so that subordinate files are created with group mailman.
Mailman's CGI wrappers and mail wrapper are group mailman and SETGID
so they run with effective group mailman. Mailman's qrunners run as
user:group mailman:mailman.

The whole thing is based on anything that is running in group mailman
has write permission on all the mutable directories and their contents.

If your OS does not allow user:group www:mailman to do certain
operations on files owned by mailman:mailman even though the mailman
group has write permission and likewise for group mailman:mailman on
files owned by www:mailman, you will not be able to avoid these issues.

Mailman is known to work on FreeBSD, so there must be something you can
do to enable this.

In a followup Chris added:

I recompiled mailman with the cgi_gid changed to mailman and the apache
config to be changed as AssignUserID mailman mailman and now I don't get
the bug page and all is well.

This is not a good idea. It means the web server now runs as
mailman:mailman and can access anything in Mailman's tree without
necessarily going through the authentication in the CGIs. There may
not be any URLs that can do this, but consider
http://www.example.com/pipermail/../../lists for example.


I will continue to monitor the mailman
services to see if any more perm issues arise before I create
production mailing lists.

I am not sure if this is the proper way to run mailman but it seems to
work, since the web panel is always open to issues and bug reports which
is awesome it is not that hard to explain to them the issue and have
them fix it.  Seems rather obvious mailman creates files as user mailman
but editing the files in a web browser creates the files as the running
user of the web server IE: www if I am not mistaken using the itk patch
will allow the web server to create/edit files as the user set in the
AssignUserID directive in apache.

I don't know how your web server works, but the owner = www or mailman
shouldn't matter as everything should be based on group. Possibly, the
issue is the web server is not honoring the SETGID bit on the CGI
wrappers.

So I went downstairs to fetch me some coke and it just hit me
AssignUserID mailman www

And now the webui works

Chris
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
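
The group-based model described in the thread (mutable directories group mailman, group-writable and SETGID; wrappers group mailman and SETGID) can be checked mechanically. The shell functions below are an added example, not part of the original messages and not Mailman's own code (Mailman ships `bin/check_perms` for this); the function names are hypothetical, and the directories and group are passed as arguments.

```shell
#!/bin/sh
# Added example; not Mailman's code. All paths and the group are arguments.

# audit_group_tree ROOT GROUP
# ROOT is a mutable Mailman directory. Everything below it must be in GROUP
# and group-writable, and every directory must be SETGID so that new files
# inherit GROUP no matter which user (www or mailman) creates them.
audit_group_tree() {
    problems=$(
        find "$1" ! -group "$2" -print | sed 's/^/wrong-group: /'
        find "$1" -type d ! -perm -2000 -print | sed 's/^/dir-not-setgid: /'
        find "$1" \( -type d -o -type f \) ! -perm -0020 -print |
            sed 's/^/not-group-writable: /'
    )
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems"
        return 1
    fi
}

# audit_wrappers DIR GROUP
# DIR holds the CGI or mail wrappers. Each must be in GROUP and SETGID so it
# runs with effective group GROUP while the web server stays a different user.
audit_wrappers() {
    problems=$(
        find "$1" -type f \( ! -group "$2" -o ! -perm -2000 \) -print |
            sed 's/^/wrapper-not-setgid-group: /'
    )
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems"
        return 1
    fi
}
```

Both functions print one line per offending path and return non-zero if any is found, so they can gate a deployment or run from cron.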
