Hi Mark,
Thank you for supporting mailman all these years.
Here is the error
--- snip ----
[Mon Jul 13 03:29:36.036929 2015] [authz_core:error] [pid 739] [client
<ip_addr>:64962] AH01630: client denied by server configuration:
/var/lib/mailman/archives/public/<list>, referer:
http://<domain>/mailman/admin/<list>
--- snip ---
I think I did what was suggested in the FAQ but still getting the above
error when I attempt to go to the list's archive URL
/var/lib/mailman/archives $ ls -ld
drwxrwsr-x 4 list list 4096 Oct 2 2002 .
/var/lib/mailman/archives $ ls -l
total 8
drwxrws--- 110 list list 4096 Jul 4 22:44 private
drwxrwsr-x 2 list list 4096 Jun 2 2012 public
/var/lib/mailman/archives $ ls -l public/<list>
lrwxrwxrwx 1 root list 43 Mar 9 2014 public/<list> ->
/var/lib/mailman/archives/private/<list>
/var/lib/mailman/archives/private $ ls -ld <list>*
drwxrwsr-x 97 list list 16384 Jul 2 10:27 <list>
drwxrwsr-x 2 www-data list 4096 Nov 5 2007 <list>.mbox
-- qrunner is running as list ---
root 3847 0.0 0.1 11748 2172 pts/1 S+ 03:36 0:00 grep
qrunner
list 8075 0.0 0.5 55560 10348 ? S Jul12 0:12
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
list 8076 0.0 0.5 56500 11932 ? S Jul12 0:12
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
list 8077 0.0 0.5 55584 11116 ? S Jul12 0:13
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
list 8078 0.0 0.6 57212 12844 ? S Jul12 0:13
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
list 8079 0.0 0.3 54872 7408 ? S Jul12 0:12
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
list 8080 0.0 0.6 59656 13528 ? S Jul12 0:14
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
list 8081 0.0 0.5 56600 12132 ? S Jul12 0:12
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
list 8082 0.0 0.4 54848 8980 ? S Jul12 0:00
/usr/bin/python /var/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
---- snip ---
Cheers,
Noah
On 7/12/15 6:54 PM, Mark Sapiro wrote:> On 7/12/15 5:58 PM, Noah wrote:
>>
>> I migrated to a new server and I am back again with permission issues.
>> I am running apache2 on an ubuntu 14.04 server.
>>
>> is there a good tutorial out there that explains the best practices for
>> ownership for the different directories and sub-directories
>
>
> Everything should be in Mailman's group ('mailman' or '_mailman' or
> maybe 'list' in your case) and all the directories and the cgi and mail
> compiled wrappers should be SETGID.
>
> See the FAQ at <http://wiki.list.org/x/4030645>.
>
>
>> I run check_perms -f as root and some of the same directories still need
>> correcting even after running 'check_perms -f' as root many times.
>
>
> check_perms gets confused by symlinks. It checks and complains about the
> group and permissions of the symlink itself which are really irrelevant.
> When fixing, it actually fixes the target which is what you want, but
> next time it will complain again because it is still looking at the
> symlink. Bottom line is ignore the errors it reports about symlinks.
>
>
>> I have a list user and a mailman user and group that I moved over from
>> my old server. Apache2 is running as www-data .
>
>
> In your Debian/Ubuntu package, Mailman's user:group are list:list.
>
>
>> I am using mbox is that matters.
>>
>> here is some config:
>>
>> /var/lib/mailman/archives $ ls -l
>> total 8.0K
>> drwxrws--x 110 mailman 4.0K Jul 4 22:44 private/
>> drwxrwsr-x 2 mailman 4.0K Jun 2 2012 public/
>
>
> Is 'mailman' the owner or group? Perhaps these came from another system,
> but for the Ubuntu package if that's what you're using, group should be
> 'list'.
>
>
>> /etc/apache2/conf-enabled $ ls -l mailman.conf
>> lrwxrwxrwx 1 root 30 Jul 13 00:52 mailman.conf ->
>> ../conf-available/mailman.conf
>>
>>
>>
>> /etc/apache2/conf-enabled $ cat ../conf-available/mailman.conf
>>
>> Alias /pipermail/ /var/lib/mailman/archives/public/
>> Alias /images/mailman/ /usr/share/images/mailman/
>> ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
>> <Directory /usr/lib/cgi-bin/mailman/>
>> AllowOverride None
>> Options ExecCGI
>> AddHandler cgi-script .cgi
>> Order allow,deny
>> Allow from all
>> </Directory>
>> <Directory /var/lib/mailman/archives/public/>
>> Options Indexes FollowSymlinks
>> AllowOverride None
>> Order allow,deny
>> Allow from all
>> </Directory>
>> <Directory /usr/share/images/mailman/>
>> AllowOverride None
>> Order allow,deny
>> Allow from all
>> </Directory>
>
>
> This looks OK.
>
> What exactly is your problem? Is there actually something that doesn't
> work? If so, what?
>
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
