Re: [Mailman-Users] Unable to access Mailman Web interface

2015-07-04 Thread Mark Sapiro
On 07/04/2015 08:23 AM, Steve Matzura wrote:
 
> Because that's the only one I knew of. Blame Red Hat for this one. :-)


The RedHat/Centos package is even more complex. See the FAQ at
http://wiki.list.org/x/8486953.

-- 
Mark Sapiro m...@msapiro.net        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org


Re: [Mailman-Users] Unable to access Mailman Web interface

2015-07-04 Thread Steve Matzura
On Sat, 04 Jul 2015 07:22:43 -0700, Mark wrote:

> Mailman has two main configuration paths, $prefix for immutable code,
> etc. and $var_prefix for mutable data. By default, $var_prefix =
> $prefix, but in your case, you or the packager whose package you
> installed configured mailman with $prefix=/usr/lib/mailman and
> $var_prefix=/var/lib/mailman. This is not unusual.
>
> I referred to $prefix rather than $var_prefix in a prior reply only
> because that was the term you used.

Because that's the only one I knew of. Blame Red Hat for this one. :-)
I installed the package as-was from their repository. In fact, if I
didn't read up on it, I'd never know what $prefix is or is meant to
be, as it's neither a defined global environment variable nor symbol.
No matter, that one's cleared up.

> Also, please post to this list from your subscribed address

Oversight.


Re: [Mailman-Users] Unable to access Mailman Web interface

2015-07-04 Thread Mark Sapiro
On 07/03/2015 03:59 PM, Steve Matzura wrote:
 
> Interesting: My $prefix is /usr/lib/mailman. However, there is a
> /var/lib/mailman as that's where archives is. It's owned and grouped
> properly, and it does have the 1-bit set in the 'other' portion of its
> permissions mask. I can definitely fix that. But why does this all
> appear in /var/lib/mailman and not /usr/lib/mailman?


Mailman has two main configuration paths, $prefix for immutable code,
etc. and $var_prefix for mutable data. By default, $var_prefix =
$prefix, but in your case, you or the packager whose package you
installed configured mailman with $prefix=/usr/lib/mailman and
$var_prefix=/var/lib/mailman. This is not unusual.

I referred to $prefix rather than $var_prefix in a prior reply only
because that was the term you used.

Also, please post to this list from your subscribed address
s...@noisynotes.com. Posting from alternative addresses results in
moderation delay and possible rejection or discard of your 'non-member'
posts.

-- 
Mark Sapiro m...@msapiro.net        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


Re: [Mailman-Users] Unable to access Mailman Web interface

2015-07-04 Thread Steve Matzura
On Sat, 04 Jul 2015 08:54:44 -0700, Mark Sapiro m...@msapiro.net
wrote:

> The RedHat/Centos package is even more complex. See the FAQ at
> http://wiki.list.org/x/8486953.

Thanks. Noted and saved for future reference.


Re: [Mailman-Users] Unable to access Mailman Web interface

2015-07-04 Thread Steve Matzura
On Fri, 03 Jul 2015 06:50:58 -0700, you wrote:

> $prefix/archives and the private/ and public/ sub-directories thereof
> are created on installation, and if Mailman is running there must be a
> 'mailman' site list and thus $prefix/archives/private/mailman/ and
> $prefix/archives/private/mailman.mbox/ subdirectories whether or not
> they contain any actual archives.
>
> Further, if $prefix/archives/private didn't exist, check_perms would
> have thrown an OSError: [Errno 2] No such file or directory: exception
> instead of reporting it was o+x.

Interesting: My $prefix is /usr/lib/mailman. However, there is a
/var/lib/mailman as that's where archives is. It's owned and grouped
properly, and it does have the 1-bit set in the 'other' portion of its
permissions mask. I can definitely fix that. But why does this all
appear in /var/lib/mailman and not /usr/lib/mailman?



Re: [Mailman-Users] Unable to access Mailman Web interface

2015-07-03 Thread Mark Sapiro
On 07/03/2015 03:24 AM, Steve Matzura wrote:
 
> Understood. Since this is really a new installation (I didn't copy
> archives from the old system because they're not really of any use),
> $prefix/archives doesn't exist yet. I'll keep the above in mind and
> implement it when list traffic commences on this installation.


$prefix/archives and the private/ and public/ sub-directories thereof
are created on installation, and if Mailman is running there must be a
'mailman' site list and thus $prefix/archives/private/mailman/ and
$prefix/archives/private/mailman.mbox/ subdirectories whether or not
they contain any actual archives.

Further, if $prefix/archives/private didn't exist, check_perms would
have thrown an OSError: [Errno 2] No such file or directory: exception
instead of reporting it was o+x.

-- 
Mark Sapiro m...@msapiro.net        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


Re: [Mailman-Users] Unable to access Mailman Web interface

2015-07-03 Thread Steve Matzura
On Thu, 02 Jul 2015 16:39:36 -0700, you wrote:

>> After check_perms fixed all problems, I re-ran it and got this:
>>
>> Warning: Private archive directory is other-executable (o+x).
>>  This could allow other users on your system to read private
>> archives.
>>  If you're on a shared multiuser system, you should consult
>> the installation manual on how to fix this.
>> No problems found
>>
>> Which section should I be reading?
>
> http://www.list.org/mailman-install/node9.html, but the question is
> this. Are there users who can log in to a shell or sftp or whatever who
> should not have any access to private list archives? If the answer is
> no, o+x on /path/to/mailman/archives/private is not a problem. If the
> answer is yes, set it o-x and change its owner to the web server uid. If
> you set it o-x and don't change the owner, public archive access won't work.

Understood. Since this is really a new installation (I didn't copy
archives from the old system because they're not really of any use),
$prefix/archives doesn't exist yet. I'll keep the above in mind and
implement it when list traffic commences on this installation.


Re: [Mailman-Users] Unable to access Mailman Web interface

2015-07-02 Thread Mark Sapiro
On 07/02/2015 07:56 AM, Steve Matzura wrote:
> If I browse to http://{my-node.my-domain.com}/mailman/admin, I get the
> following:
>
> Bug in Mailman version 2.1.18-1
>
> Bug in Mailman version 2.1.18-1
> We're sorry, we hit a bug!
>
> Please inform the webmaster for this site of this problem. Printing of
> traceback and other system information has been explicitly inhibited,
> but the webmaster
> can find this information in the Mailman error logs.
>
> If that's supposed to be /var/log/mailman/error, the only thing in
> there is what I posted in my previous message. Maybe the two are
> related?


Run check_perms.

-- 
Mark Sapiro m...@msapiro.net        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


Re: [Mailman-Users] Unable to access Mailman Web interface

2015-07-02 Thread Mark Sapiro
On 07/02/2015 09:01 AM, Steve Matzura wrote:
> On Thu, 02 Jul 2015 08:24:12 -0700, you wrote:
>
>> Run check_perms.
>
> Did that. 898 problems found! I hope I didn't break Postfix. Luckily I
> logged before and after in case I have to revert.


Check_perms only affects files and directories in Mailman's tree(s).
Postfix should be unaffected.


> After check_perms fixed all problems, I re-ran it and got this:
>
> Warning: Private archive directory is other-executable (o+x).
>  This could allow other users on your system to read private
> archives.
>  If you're on a shared multiuser system, you should consult
> the installation manual on how to fix this.
> No problems found
>
> Which section should I be reading?


http://www.list.org/mailman-install/node9.html, but the question is
this. Are there users who can log in to a shell or sftp or whatever who
should not have any access to private list archives? If the answer is
no, o+x on /path/to/mailman/archives/private is not a problem. If the
answer is yes, set it o-x and change its owner to the web server uid. If
you set it o-x and don't change the owner, public archive access won't work.

-- 
Mark Sapiro m...@msapiro.net        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
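
Added example, not part of the original thread and not Mailman's check_perms code: a Python check that classifies archives/private into the cases described in the reply above (o+x, o-x with the web server as owner, o-x without the owner change). The function name, the `web_uid` argument, and the assumption that the web server is neither root nor a member of the directory's group are illustrative.

```python
import os
import stat
import tempfile


def audit_private_archive(path, web_uid):
    """Classify archives/private by the cases in the reply above.

    Hypothetical helper: `path` is the private archive directory and
    `web_uid` the numeric uid the web server runs as. Assumes the web
    server is not in the directory's group and does not run as root.
    """
    st = os.stat(path)  # missing directory -> OSError with errno 2
    mode = stat.S_IMODE(st.st_mode)
    other_x = bool(mode & stat.S_IXOTH)
    owner_is_web = st.st_uid == web_uid
    # POSIX picks one permission class per process: the owner is judged
    # by the user bits only, everyone outside the group by the other bits.
    if owner_is_web:
        web_can_traverse = bool(mode & stat.S_IXUSR)
    else:
        web_can_traverse = other_x
    if other_x:
        verdict = "o+x: any local account can traverse into private archives"
    elif web_can_traverse:
        verdict = "o-x, owned by web server uid: public archives still served"
    else:
        verdict = "o-x, not owned by web server uid: public archives break"
    return {"mode": oct(mode), "other_x": other_x,
            "web_can_traverse": web_can_traverse, "verdict": verdict}


if __name__ == "__main__":
    # Constructed stand-in for the real archives/private directory.
    with tempfile.TemporaryDirectory() as root:
        private = os.path.join(root, "private")
        os.mkdir(private)
        me = os.stat(private).st_uid
        for mode, uid in ((0o771, me + 1), (0o770, me), (0o770, me + 1)):
            os.chmod(private, mode)
            print(oct(mode), audit_private_archive(private, uid)["verdict"])
```

A missing directory surfaces as the `OSError: [Errno 2]` mentioned elsewhere in the thread rather than as a verdict.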


Re: [Mailman-Users] Unable to access Mailman Web interface

2015-07-02 Thread Steve Matzura
On Thu, 02 Jul 2015 08:24:12 -0700, you wrote:

> On 07/02/2015 07:56 AM, Steve Matzura wrote:
>> If I browse to http://{my-node.my-domain.com}/mailman/admin, I get the
>> following:
>>
>> Bug in Mailman version 2.1.18-1
>>
>> Bug in Mailman version 2.1.18-1
>> We're sorry, we hit a bug!
>>
>> Please inform the webmaster for this site of this problem. Printing of
>> traceback and other system information has been explicitly inhibited,
>> but the webmaster
>> can find this information in the Mailman error logs.
>>
>> If that's supposed to be /var/log/mailman/error, the only thing in
>> there is what I posted in my previous message. Maybe the two are
>> related?
>
> Run check_perms.

Did that. 898 problems found! I hope I didn't break Postfix. Luckily I
logged before and after in case I have to revert.

After check_perms fixed all problems, I re-ran it and got this:

Warning: Private archive directory is other-executable (o+x).
 This could allow other users on your system to read private
archives.
 If you're on a shared multiuser system, you should consult
the installation manual on how to fix this.
No problems found

Which section should I be reading?