I had this problem during a ubuntu update. IIRC: I discovered that the
update changed the user/group id's of mailman from mailman:www-data to
list:list (or something like that) as it did a mailman update that
messed up the id's. It has been too long to remember the exact details.
The default ubuntu mailman install uses different permissions from a
regular mailman install from the mailman tarball. I may have removed
and then reinstalled mailman from the tarball/source. The ubuntu
mailman package was pretty old, IIRC.
I remember systemd and apparmor breaking a running system and spending
weeks fixing everything that was broken. It broke enough stuff and
caused enough problems that ubuntu has convinced me to find another *nix
distribution or even switch to bsd to get away from the disaster that is
systemd.
On 3/29/2017 3:31 PM, Nick Wyman wrote:
Mark,
Thank you for looking.
The error is "Operation not permitted". My best guess is this is
occurring at this point in the wrapper
#ifdef HAVE_SETREGID
status = setregid(getegid(), -1);
if (status)
fatal(logident, SETREGID_FAILURE, "%s", strerror(errno));
#endif /* HAVE_SETREGID */
Indeed this is the case. I recompiled the wrapper with this code block
disabled and the web interface functioned again.
Note that the mailman user and group are "list" while apache runs as user and group
"www-data".
Do other CGIs (e.g. admin, admindb, private, options) fail the same way.
Yes, all the cgi-bin executables return the same error message.
There should at least be something logged in /var/log/apache2/error.log
or wherever the error log is for the vhost. There is a 'syslog' call in
the wrapper, but it only writes the "Operation not permitted" message
that was displayed in the browser.
If you can find the exit status of the wrapper in the apache log, those
codes are defined as
/* Exit codes, so it's easier to distinguish what caused fatal errors when
* looking at syslogs.
*/
#define GROUP_MISMATCH 2
#define SETREGID_FAILURE 3
#define EXECVE_FAILURE 4
#define MAIL_USAGE_ERROR 5
#define MAIL_ILLEGAL_COMMAND 6
#define ADDALIAS_USAGE_ERROR 7
#define GROUP_NAME_NOT_FOUND 8
I could not find this information in any log file. However, via print
instrumentation, I have reduced the problem to the setregid call.
I'm unable to explain why this command is suddenly failing.
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/guest2%40sgeinc.com
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
