Re: [Mailman-Users] Installation problem: 500 internal server error
At 11:28 AM +0100 2005-04-28, RT wrote: Problem 1: my 'ISP', for want of a better word, enables suEXEC on Apache, Ouch. and I obviously can't change that (aside: doesn't everyone run Apache/suEXEC? No. If not, why? In large part, because that's not what is shipped by default by most vendors. And surely most mailman users are in the same situation that I'm in - I don't have a real internet connection, and I rely on someone else's virtual server, on which I don't get a root password?) Actually, that's a pretty rare configuration, based on what I've seen in the past. Had it been more common, others would have run into this problem before, the documentation would have been corrected, and you would not have had these problems yourself. But *none* of this is in the installation instructions, unless I've missed something. Nope, it's not in the documentation. Your problem with suEXEC is only the second time I've ever heard this feature mentioned, and you may be the first person I've heard of that has resolved the issues and documented them to this degree. And, this isn't my day job, and I'm worried that this isn't secure. Is it a good idea to run mailman's scripts with Apache's permissions? Dunno. Not sure that anyone else has ever tried to do this with Mailman. How does everyone else manage to install this? With suEXEC in your kind of configuration? I don't know that anyone else has ever managed to do that. Would someone mind updating INSTALL? If you can give us suitable instructions to include (preferably as a patch to the INSTALL document), we should be able to get that updated before 2.1.6-RELEASE is cut. -- Brad Knowles, [EMAIL PROTECTED] Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See http://www.sage.org/ for more info. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Installation problem: 500 internal server error
Jim Tittsler wrote: Are you trying to use Apache's suEXEC feature? It conflicts with the normal Mailman installation. You will need to make sure the cgi-bin directory is not group writable. (Once over that hurdle, you will probably then have to make sure that the files in cgi-bin don't have the SGID bit set, and are owned by the correct user/group so that suEXEC can set the group for the scripts.) Well, I'll be *!?**!!, this (almost) got it working; thanks. It turned out to be a litle more complicated... Problem 1: my 'ISP', for want of a better word, enables suEXEC on Apache, and I obviously can't change that (aside: doesn't everyone run Apache/suEXEC? If not, why? And surely most mailman users are in the same situation that I'm in - I don't have a real internet connection, and I rely on someone else's virtual server, on which I don't get a root password?) After following both your instructions, I got a web page, but with this error: Group mismatch error. Mailman expected the CGI wrapper script to be executed as group web, but the system's web server executed the CGI script as group mailman. Try tweaking the web server to run the script as group web, or re-run configure, providing the command line option `--with-cgi-gid=mailman'. Ok, I had configured with '--with-cgi-gid=web', as per INSTALL (Apache runs as 'web'). So Apache suEXEC'ed the scripts as 'mailman', so defeating the configuration option. As a fix/hack, I changed the owner/group of everything in cgi-bin to web/web, to prevent Apache suEXEC'ing. This got me further; as far as problem 2, in fact. Problem 2: Apache now runs the scripts as 'web', which is what mailman expects, but I now get another problem: mailman claims to hit an internal bug. At the end of the traceback I get: IOError: [Errno 13] Permission denied: '/usr/local/home/mailman/mailman-2.1.5/logs/error' Ok, mailman is running as web and wants to write into a directory owned by mailman, and can't. So I run /usr/sbin/usermod -G admin, mailman web And everything springs into life; I can now get listinfo and admin pages, complete with logos. But *none* of this is in the installation instructions, unless I've missed something. And, this isn't my day job, and I'm worried that this isn't secure. Is it a good idea to run mailman's scripts with Apache's permissions? How does everyone else manage to install this? Would someone mind updating INSTALL? Thanks - RT -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Installation problem: 500 internal server error
Apologies for posting an installation problem... :( I've just installed mailman, and am having a couple of problems. The first is that http://dom.ain/mailman/ returns '403 forbidden', and any other page (ie. http://dom.ain/create) returns '500 internal server error'. The INSTALL file suggests that this could be a GID/UID problem, but this doesn't seem very likely and I'm reluctant to reinstall (yet). There's nothing relevant in either /var/log (apart from the Apache logs, below), or in $prefix/logs/error. There's nothing in Apache's 'error_log', but 'cgi.log' has some interesting entries: [2005-04-27 11:07:05]: uid: (mailman/mailman) gid: (mailman/mailman) cmd: create [2005-04-27 11:07:05]: directory is writable by others: (/usr/local/home/mailman/mailman-2.1.5/cgi-bin) I installed as user/grp mailman/mailman, and 'check_perms' reports no problems. The cgi-bin directory in the message above is not actually 'writable by others'; its permissions are 'drwxrwsr-x'. I tried 'chmod o+w', but this made no difference (and the message in cgi.log remained the same). Any ideas? One potential problem is that I've installed this on a virtual server on which I don't have root permissions. I get an 'admin' login which has various root-like capabilities, and I think I've probably completed the root parts of the installation correctly, but I can't be sure. The server is running Linux, but I don't think it's a standard distribution; 'uname -a' returns 'Linux [mydomain] 2.4.29-hs-1'. Many thanks - RT -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Installation problem: 500 internal server error
On Apr 27, 2005, at 19:26, RT wrote: I've just installed mailman, and am having a couple of problems. The first is that http://dom.ain/mailman/ returns '403 forbidden', That is normal. Users normally should visit http://dom.ain/mailman/listinfo/ and administrators visit http://dom.ain/mailman/admin/. Many Mailman administrators will include an Apache redirectmatch to bounce visitors from http://dom.ain/mailman/ to http://dom.ain/mailman/listinfo/ and any other page (ie. http://dom.ain/create) returns '500 internal server error'. With a normal installation, you should be visiting http://dom.ain/mailman/create/ [2005-04-27 11:07:05]: uid: (mailman/mailman) gid: (mailman/mailman) cmd: create [2005-04-27 11:07:05]: directory is writable by others: (/usr/local/home/mailman/mailman-2.1.5/cgi-bin) Are you trying to use Apache's suEXEC feature? It conflicts with the normal Mailman installation. You will need to make sure the cgi-bin directory is not group writable. (Once over that hurdle, you will probably then have to make sure that the files in cgi-bin don't have the SGID bit set, and are owned by the correct user/group so that suEXEC can set the group for the scripts.) -- Jim Tittsler http://www.OnJapan.net/ GPG: 0x01159DB6 Python Starship http://Starship.Python.net/crew/jwt/ Mailman IRC irc://irc.freenode.net/#mailman -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp