Re: [Mailman-Users] Installation problem: 500 internal server error

2005-04-29 Thread Brad Knowles
At 11:28 AM +0100 2005-04-28, RT wrote:

> Problem 1: my 'ISP', for want of a better word, enables suEXEC on Apache,

Ouch.

> and I obviously can't change that (aside: doesn't everyone run
> Apache/suEXEC?

No.

> If not, why?

In large part, because that's not what is shipped by default by 
most vendors.

> And surely most mailman users are in the
> same situation that I'm in - I don't have a real internet connection,
> and I rely on someone else's virtual server, on which I don't get a
> root password?)

Actually, that's a pretty rare configuration, based on what I've 
seen in the past.  Had it been more common, others would have run 
into this problem before, the documentation would have been 
corrected, and you would not have had these problems yourself.

> But *none* of this is in the installation instructions, unless I've
> missed something.

Nope, it's not in the documentation.  Your problem with suEXEC is 
only the second time I've ever heard this feature mentioned, and you 
may be the first person I've heard of that has resolved the issues 
and documented them to this degree.

> And, this isn't my day job, and I'm worried that
> this isn't secure. Is it a good idea to run mailman's scripts with
> Apache's permissions?

Dunno.  Not sure that anyone else has ever tried to do this with 
Mailman.

> How does everyone else manage to install this?

With suEXEC in your kind of configuration?  I don't know that 
anyone else has ever managed to do that.

> Would someone mind
> updating INSTALL?

If you can give us suitable instructions to include (preferably 
as a patch to the INSTALL document), we should be able to get that 
updated before 2.1.6-RELEASE is cut.

--
Brad Knowles, [EMAIL PROTECTED]
Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
  SAGE member since 1995.  See http://www.sage.org/ for more info.
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp


Re: [Mailman-Users] Installation problem: 500 internal server error

2005-04-28 Thread RT
Jim Tittsler wrote:

> Are you trying to use Apache's suEXEC feature?  It conflicts with the 
> normal Mailman installation.  You will need to make sure the cgi-bin 
> directory is not group writable.  (Once over that hurdle, you will 
> probably then have to make sure that the files in cgi-bin don't have the 
> SGID bit set, and are owned by the correct user/group so that suEXEC can 
> set the group for the scripts.)

Well, I'll be  *!?**!!, this (almost) got it working; thanks. It turned 
out to be a little more complicated...

Problem 1: my 'ISP', for want of a better word, enables suEXEC on 
Apache, and I obviously can't change that (aside: doesn't everyone run 
Apache/suEXEC? If not, why? And surely most mailman users are in the 
same situation that I'm in - I don't have a real internet connection, 
and I rely on someone else's virtual server, on which I don't get a root 
password?)

After following both your instructions, I got a web page, but with this 
error:

Group mismatch error.  Mailman expected the CGI
wrapper script to be executed as group web, but
the system's web server executed the CGI script as
group mailman.  Try tweaking the web server to run the
script as group web, or re-run configure, 
providing the command line option `--with-cgi-gid=mailman'.

Ok, I had configured with '--with-cgi-gid=web', as per INSTALL (Apache 
runs as 'web'). So Apache suEXEC'ed the scripts as 'mailman', so 
defeating the configuration option. As a fix/hack, I changed the 
owner/group of everything in cgi-bin to web/web, to prevent Apache 
suEXEC'ing. This got me further; as far as problem 2, in fact.

Problem 2: Apache now runs the scripts as 'web', which is what mailman 
expects, but I now get another problem: mailman claims to hit an 
internal bug. At the end of the traceback I get:

IOError: [Errno 13] Permission denied: '/usr/local/home/mailman/mailman-2.1.5/logs/error'

Ok, mailman is running as web and wants to write into a directory owned 
by mailman, and can't. So I run

/usr/sbin/usermod -G admin,mailman web

And everything springs into life; I can now get listinfo and admin 
pages, complete with logos.

But *none* of this is in the installation instructions, unless I've 
missed something. And, this isn't my day job, and I'm worried that this 
isn't secure. Is it a good idea to run mailman's scripts with Apache's 
permissions?

How does everyone else manage to install this? Would someone mind 
updating INSTALL?

Thanks -
RT



[Mailman-Users] Installation problem: 500 internal server error

2005-04-27 Thread RT
Apologies for posting an installation problem...  :(
I've just installed mailman, and am having a couple of problems. The 
first is that http://dom.ain/mailman/ returns '403 forbidden', and any 
other page (ie. http://dom.ain/create) returns '500 internal server error'.

The INSTALL file suggests that this could be a GID/UID problem, but this 
doesn't seem very likely and I'm reluctant to reinstall (yet). There's 
nothing relevant in either /var/log (apart from the Apache logs, below), 
or in $prefix/logs/error.

There's nothing in Apache's 'error_log', but 'cgi.log' has some 
interesting entries:


[2005-04-27 11:07:05]: uid: (mailman/mailman) gid: (mailman/mailman) cmd: create
[2005-04-27 11:07:05]: directory is writable by others: (/usr/local/home/mailman/mailman-2.1.5/cgi-bin)


I installed as user/grp mailman/mailman, and 'check_perms' reports no 
problems. The cgi-bin directory in the message above is not actually 
'writable by others'; its permissions are 'drwxrwsr-x'. I tried 'chmod 
o+w', but this made no difference (and the message in cgi.log remained 
the same).

Any ideas? One potential problem is that I've installed this on a 
virtual server on which I don't have root permissions. I get an 'admin' 
login which has various root-like capabilities, and I think I've 
probably completed the root parts of the installation correctly, but I 
can't be sure. The server is running Linux, but I don't think it's a 
standard distribution; 'uname -a' returns 'Linux [mydomain] 2.4.29-hs-1'.

Many thanks -
RT


Re: [Mailman-Users] Installation problem: 500 internal server error

2005-04-27 Thread Jim Tittsler
On Apr 27, 2005, at 19:26, RT wrote:

> I've just installed mailman, and am having a couple of problems. The 
> first is that http://dom.ain/mailman/ returns '403 forbidden',

That is normal.  Users normally should visit 
http://dom.ain/mailman/listinfo/ and administrators visit 
http://dom.ain/mailman/admin/.  Many Mailman administrators will 
include an Apache redirectmatch to bounce visitors from 
http://dom.ain/mailman/ to http://dom.ain/mailman/listinfo/

> and any other page (ie. http://dom.ain/create) returns '500 internal 
> server error'.

With a normal installation, you should be visiting 
http://dom.ain/mailman/create/

> [2005-04-27 11:07:05]: uid: (mailman/mailman) gid: (mailman/mailman) cmd: create
> [2005-04-27 11:07:05]: directory is writable by others: (/usr/local/home/mailman/mailman-2.1.5/cgi-bin)

Are you trying to use Apache's suEXEC feature?  It conflicts with the 
normal Mailman installation.  You will need to make sure the cgi-bin 
directory is not group writable.  (Once over that hurdle, you will 
probably then have to make sure that the files in cgi-bin don't have 
the SGID bit set, and are owned by the correct user/group so that 
suEXEC can set the group for the scripts.)

--
Jim Tittsler http://www.OnJapan.net/  GPG: 0x01159DB6
Python Starship  http://Starship.Python.net/crew/jwt/
Mailman IRC  irc://irc.freenode.net/#mailman
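
The checklist in the reply above, as an added example that is not part of the original thread: a shell function that audits a cgi-bin directory for the file-system conditions suEXEC enforces. Apache's suexec.c rejects a group-writable directory with the same "directory is writable by others" log line it uses for a world-writable one, which is why a `drwxrwsr-x` directory produced that message. The function name, finding labels and scratch directory are made up for the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a CGI directory against the
# file-system conditions suEXEC enforces before it runs a script.
# Usage: suexec_audit DIR USER GROUP   (names or numeric ids)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
suexec_audit() {
    dir=$1; user=$2; group=$3
    findings=$(
        # Directory writable by group OR others. suEXEC logs both cases
        # with the same message, so group write alone is enough to fail.
        find "$dir" -prune \( -perm -020 -o -perm -002 \) \
            -exec printf 'dir-writable-by-group-or-other: %s\n' {} \;
        # Directory must belong to the user and group the script runs as.
        find "$dir" -prune \( ! -user "$user" -o ! -group "$group" \) \
            -exec printf 'dir-owner-mismatch: %s\n' {} \;
        # The same write and ownership rules apply to each program ...
        find "$dir" -type f \( -perm -020 -o -perm -002 \) \
            -exec printf 'file-writable-by-group-or-other: %s\n' {} \;
        find "$dir" -type f \( ! -user "$user" -o ! -group "$group" \) \
            -exec printf 'file-owner-mismatch: %s\n' {} \;
        # ... and setuid or setgid programs are refused outright.
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'file-setuid-or-setgid: %s\n' {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed demo: a scratch directory with the modes reported in the
# thread (drwxrwsr-x directory, SGID wrapper), audited before and after
# removing group write from the directory and SGID from the file.
suexec_demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$d/create"
    chmod 2775 "$d"; chmod 2755 "$d/create"
    echo "before:"; suexec_audit "$d" "$(id -u)" "$(id -g)" || echo "not clean"
    chmod g-w "$d"; chmod g-s "$d/create"
    echo "after:"; suexec_audit "$d" "$(id -u)" "$(id -g)" && echo "clean"
    rm -rf "$d"
}
suexec_demo
```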