Hi,
I now have this mailman working, installed from source
(2.1.8), not from the debian package.
I'm not in a position to be able to replicate this bug
anymore, because the server is in use, so you might want to
mark this bug accordingly -- I'll answer the questions below
about the setup as best I can though.
I am really grateful for the responses on this bug report,
even if (especially if . . .) it was just a weird
configuration on my part. I am used to sending bug reports
into a black hole, so it is really nice to have you guys follow
up with me on it.
Here is an overview of what I did to make it work from source,
perhaps something here is helpful:
made user/group mailman:
groupadd mailman
useradd -c "GNU Mailman" -s /no/shell -d /no/home -s mailman mailman
cd /var/lib/mailman
chgrp mailman .
chmod a_rx,g+ws .
./configure --prefix=/usr/lib/mailman
--with-var-prefix=/var/lib/mailman --with-cgi-gid=service
--with-username=mailman --with-groupname=mailman
--with-mail-gid=Debian-exim
make clean
make
make install
check_parms -f
At this point I still got the error I mentioned in the first
bug report, but I was getting helpful info from the mailman
error log, which was a permissions denied message. I removed
the suexec, and got a "we've hit a bug!" message, but nothing
in the error log -- I changed the error log to be writeable by
everyone, and got a message about the config.pck of one of my
pre-existing lists having "permission denied". I fixed that,
and then had to also do "chmod a+rx,g+ws
/var/lib/mailman/cgi-bin/*" and then it was working.
If set up a backup server to this one I might be able to
experiment more. However I will probably also set up that web
server to run as the normal www-data in order to be simpler.
A few more notes below . . .
>>>>> "Lionel" == Lionel Elie Mamane <[EMAIL PROTECTED]> writes:
Lionel>
Lionel> On Wed, Jun 07, 2006 at 02:39:30AM -0500, Rob Ristroph wrote:
>> I installed mailman with apt-get.
Lionel>
>> It worked at least well enough to create some lists at some point.
>> Since then the system has been apt-get upgraded several times.
Lionel>
Lionel> Did you install 2.1.8 or an older version originally?
It was 2.1.8.
>> Now, when I go to any of the mailman links, such as listinfo or the
>> admin page of a list, I get this in my browser:
Lionel>
>> ====================================
>> Internal Server Error
Lionel>
>> The server encountered an internal error or misconfiguration and was
>> unable to complete your request.
Lionel>
Lionel> Isn't your _web server_ CGI configuration fucked up? Do other CGIs
Lionel> work?
Other CGI's worked at that time. This was the only one that didn't.
Lionel> This looks more like an Apache error message than a Mailman one to
Lionel> me.
Yes, that is possible. In the configuration I am currently using does
not use SuExec. It is possible that I was trying to SuExec to a
user/group with uid/gid below 100, and that was generating the error.
>> Among other background information you should know:
Lionel>
>> -- I had to "ln -s /usr/lib/cgi-bin/mailman /usr/lib/mailman/cgi-bin/"
>> before the gforge apache configs would find mailman properly
Lionel>
Lionel> That is gforge's bug. Please file a separate bug against
Lionel> gforge-lists-mailman and tell them (add
Lionel> [EMAIL PROTECTED] to the CC list for that
Lionel> bug; reportbug will give you the opportunity to do that).
OK, I will.
>> -- The output of check_perms:
>> =================================
>> check_perms -f
Lionel>
>> /var/lib/mailman/mail bad group (has: root, expected list) (fixing)
>> /var/lib/mailman/cgi-bin bad group (has: root, expected list) (fixing)
>> /var/lib/mailman/logs bad group (has: root, expected list) (fixing)
>> /var/lib/mailman/Mailman bad group (has: root, expected list) (fixing)
>> /var/lib/mailman/bin bad group (has: root, expected list) (fixing)
>> /var/lib/mailman/icons bad group (has: root, expected list) (fixing)
>> /var/lib/mailman/templates bad group (has: root, expected list) (fixing)
>> /var/lib/mailman/locks bad group (has: root, expected list) (fixing)
>> /var/lib/mailman/scripts bad group (has: root, expected list) (fixing)
>> /var/lib/mailman/cron bad group (has: root, expected list) (fixing)
Lionel>
Lionel> These are false positives; on a Debian system, those are symlinks, and
Lionel> check_perms looks at the symlink and not at its target; the targets
Lionel> have the right group, as far as I can see.
I eventually fixed them by hand when I re-installed from source. I
don't think those errors were related to the problem.
>> Warning: Private archive directory is other-executable (o+x).
>> This could allow other users on your system to read private
>> archives.
Lionel>
Lionel> Yes, but that's the only sane way to ensure that the web server can
Lionel> serve these files, too.
Yes. That was not related to my problem; I wasn't trying to get to
the archives, I was trying to get to the listinfo.
>> Also, instead of apache running as www-data on this system, it is
>> running as another user;
Lionel>
Lionel> What is the uid of this user, and its gid?
1011 (same for both uid and gid)
>> however, it runs mailman as the user it expects via the suexec
>> directive,
Lionel>
Lionel> The mailman in Debian, in contrast to the upstream mailman, doesn't
Lionel> care as what group (and user?) it runs as long as the group is 65534
Lionel> or strictly less than 100.
That might explain something, I was still puzzeled not to get
something in the mailman error log though.
>> I have this in the apache conf file:
Lionel>
>> SuexecUserGroup www-data www-data
Lionel>
Lionel> Are you sure this does what you think it does? It seems to me that
Lionel> suexec will refuse to execute the cgi's as a user/group below 100, and
Lionel> www-data is 33. Additionally, suexec will only work if launched by
Lionel> www-data, that is only of Apache is running as www-data, it seems to
Lionel> me. Check /var/log/apache/suexec.log and check that it is having the
Lionel> effect you think it has.
I think you are right. I now have the system working without the use
of SuExec. I looked in the suexec.log and saw several of these
messages:
user mismatch (service instead of www-data)
By the frequency I think they were showing up each time I restarted
the web server, when I had that suexec stuff in there.
>> I see no messages in the logs when the error happens, except for this
>> in the gforge apache logs:
Lionel>
>> [Wed Jun 07 02:24:31 2006] [error] [client 70.112.100.20] Premature end
>> of script headers:
>> admin, referer:
>> http://gforge.mydomain.com/mail/admin/index.php?group_id=7
Lionel>
Lionel> Hmm... Weird.
What puzzled me was the I got this log message but nothing in the
mailman error log.
Again, thanks for helping me with this bug -- and since I am not in a
position to replicate it, it would be hard to work further on it now.
I will re-submit it if I can get it to happen again when I set up the
next server.
--Rob
--
http://rgr.freeshell.org/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
