From owner-freebsd-ports@FreeBSD.ORG Tue Dec 29 18:38:09 2009 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AC1C31065742; Tue, 29 Dec 2009 18:38:09 +0000 (UTC) (envelope-from david@vizion2000.net) Received: from dns1.vizion2000.net (dns1.vizion2000.net [62.49.197.50]) by mx1.freebsd.org (Postfix) with ESMTP id 14EE58FC12; Tue, 29 Dec 2009 18:38:08 +0000 (UTC) Received: by dns1.vizion2000.net (Postfix, from userid 1001) id 2BA7934D456; Tue, 29 Dec 2009 18:37:44 +0000 (GMT) From: David Southwell Organization: Voice & Vision To: freebsd-ports@freebsd.org, glarkin@freebsd.org Date: Tue, 29 Dec 2009 18:37:44 +0000 User-Agent: KMail/1.12.4 (FreeBSD/7.2-RELEASE-p3; KDE/4.3.4; amd64; ; ) References: <200912291421.16006.david@vizion2000.net> <200912291754.27503.david@vizion2000.net> <4B3A48E2.2060108@FreeBSD.org> In-Reply-To: <4B3A48E2.2060108@FreeBSD.org> MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <200912291837.44103.david@vizion2000.net> Cc: Boris Kochergin Subject: Re: mailman web access to archives failure: X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Dec 2009 18:38:09 -0000 > David Southwell wrote: > >> David Southwell wrote: > >> [...] > >> > >>> Thank you Boris > >>> > >>> After reading your files I changed the httpd.conf to follow your format > >>> but it still did not work :-(. > >>> > >>> Here are my entries: > >>> > >>> > >>> # This should be changed to whatever you set DocumentRoot to. > >>> # > >>> > >>> # > >>> # Possible values for the Options directive are "None", "All", > >>> # or any combination of: > >>> # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI > >>> MultiViews > >>> # > >>> # Note that "MultiViews" must be named *explicitly* --- "Options > >>> All" # doesn't give it to you. > >>> # > >>> # The Options directive is both complicated and important. Please > >>> see # http://httpd.apache.org/docs/2.2/mod/core.html#options > >>> # for more information. > >>> # > >>> Options Indexes FollowSymLinks > >>> > >>> # > >>> # AllowOverride controls what directives may be placed in .htaccess > >>> files. # It can be "All", "None", or any combination of the keywords: # > >>> Options FileInfo AuthConfig Limit > >>> # > >>> AllowOverride None > >>> > >>> # > >>> # Controls who can get stuff from this server. > >>> # > >>> Order allow,deny > >>> Allow from all > >>> > >>> > >>> ScriptAlias /mailman " /usr/local/mailman/cgi-bin" > >>> > >>> Options ExecCGI > >>> Order allow,deny > >>> Allow from all > >>> > >>> Alias /pipermail "/usr/local/mailman/archives/public" > >>> > >>> Options ExecCGI FollowSymLinks > >>> Order allow,deny > >>> Allow from all > >>> Options Indexes MultiViews > >>> AddDefaultCharset Off > >>> DirectoryIndex index.html > >>> > >>> # > >>> > >>> Seems I am struggling with this. > >>> > >>> Thanks again for all your help. Lets hope I can someone can spot > >>> something soon. These things are usually caused by a daft error on my > >>> part!! > >>> > >>> David > >>> _______________________________________________ > >> > >> Hi David, > >> > >> Can you post a listing of the contents of the directory > >> /usr/local/mailman/archives/public/? > >> > >> Also, please visit > >> http://www.vizion2000.net/pipermail/bps_comp_print_reminders/ and post > >> the request errors from httpd-error.log. > >> > >> Thank you, > >> Greg > > > > Hi Greg > > > > Thanks for staying with this - here is the info you asked for: > > > > dns1# cd /usr/local/mailman/archives/public/ > > dns1# ls -l > > total 0 > > lrwxr-xr-x 1 www www 55 Dec 19 17:58 bps_comp_print_chat -> > > /usr/local/mailman/archives/private/bps_comp_print_chat > > lrwxr-xr-x 1 www www 60 Dec 19 17:57 bps_comp_print_reminders -> > > /usr/local/mailman/archives/private/bps_comp_print_reminders > > lrwxr-xr-x 1 www www 60 Dec 19 17:56 bps_comps_print_announce -> > > /usr/local/mailman/archives/private/bps_comps_print_announce > > dns1# > > > > error-log shows: > > [Tue Dec 29 17:46:00 2009] [error] [client 62.49.197.50] Symbolic link > > not allowed or link target not accessible: > > /usr/local/mailman/archives/public/bps_comp_print_reminders > > > > Sudden thought I had not mentioned: > > > > This server is running SSL > > (Apache/2.2.14 mod_ssl/2.2.14) > > > > Is there any chance that could possibly affect access to the archives?? > > Everything else works. Incidentally /usr/local/mailman/ and its > > subdirectories are on a separate physical drive to the document root > > which is > > /usr_www/virtualwebs/vizion2000.net/ > > Thanks again > > > > David > > Hi David, > > I don't think it's an issue with the version of Apache, but rather a > permissions issue on your "private" directory. > > The quickest way to determine where the problem lies is by running > Apache inside of truss (http://bit.ly/DFWAr). With the proper command > line arguments, truss should reveal the cause of the "link target not > accessible" error. > > However, you can also try to figure it out by determining the uid/gid of > your Apache processes and inspecting the permissions in the mailman > directory hierarchy. > > Type this: > > egrep '^(Group|User)' /usr/local/etc/apache22/httpd.conf > > Note the results. On my system, it prints: > > User www > Group www > > Next, run each of the following commands in order, noting if any of the > permissions prevent the Apache uid/gid from accessing the directory. > > ls -ld / > ls -ld /usr > ls -ld /usr/local > ls -ld /usr/local/mailman > ls -ld /usr/local/mailman/archives > ls -ld /usr/local/mailman/archives/private > ls -ld /usr/local/mailman/archives/private/bps_comp_print_reminders > > My guess is that you'll find some permissions that need to be loosened > slightly. I'm not familiar with mailman, so I'm assuming that the web > interface scripts run with the uid/gid of the Apache process. If they > don't for some reason, you'll need to know their uid/gid to do this > analysis. > Here-tis dns1# egrep '^(Group|User)' /usr/local/etc/apache22/httpd.conf User www Group www dns1# ls -ld / drwxr-xr-x 36 root wheel 1024 Dec 19 11:36 / dns1# ls -ld / drwxr-xr-x 36 root wheel 1024 Dec 19 11:36 / dns1# ls -ld /usr drwxr-xr-x 23 root wheel 512 Dec 12 14:21 /usr dns1# ls -ld /usr/local drwxr-xr-x 27 root wheel 512 Dec 15 15:54 /usr/local dns1# ls -ld /usr/local/mailman drwxrwsr-x 20 mailman mailman 512 Dec 28 13:07 /usr/local/mailman dns1# ls -ld /usr/local/mailman/archives drwxrwsr-x 4 root mailman 512 Dec 28 13:07 /usr/local/mailman/archives dns1# ls -ld /usr/local/mailman/archives/private drwxrws--- 10 mailman mailman 512 Dec 28 15:45 /usr/local/mailman/archives/private dns1# ls -ld /usr/local/mailman/archives/private/bps_comp_print_reminders drwxrwsr-x 2 mailman mailman 512 Dec 19 17:57 /usr/local/mailman/archives/private/bps_comp_print_reminders dns1# david