From: David Southwell
To: glarkin@freebsd.org
Cc: Boris Kochergin, freebsd-ports@freebsd.org
Date: Tue, 29 Dec 2009 18:56:58 +0000
Subject: Re: mailman web access to archives failure:

> David Southwell wrote:
> >> David Southwell wrote:
> >>>> David Southwell wrote:
> >>>> [...]
> >>>>
> >>>>> Thank you Boris
> >>>>>
> >>>>> After reading your files I changed the httpd.conf to follow your
> >>>>> format but it still did not work :-(.
> >>>>>
> >>>>> Here are my entries:
> >>>>>
> >>>>>
> >>>>> # This should be changed to whatever you set DocumentRoot to.
> >>>>> #
> >>>>>
> >>>>> #
> >>>>> # Possible values for the Options directive are "None", "All",
> >>>>> # or any combination of:
> >>>>> # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
> >>>>> #
> >>>>> # Note that "MultiViews" must be named *explicitly* --- "Options All"
> >>>>> # doesn't give it to you.
> >>>>> #
> >>>>> # The Options directive is both complicated and important. Please see
> >>>>> # http://httpd.apache.org/docs/2.2/mod/core.html#options
> >>>>> # for more information.
> >>>>> #
> >>>>> Options Indexes FollowSymLinks
> >>>>>
> >>>>> #
> >>>>> # AllowOverride controls what directives may be placed in .htaccess files.
> >>>>> # It can be "All", "None", or any combination of the keywords:
> >>>>> # Options FileInfo AuthConfig Limit
> >>>>> #
> >>>>> AllowOverride None
> >>>>>
> >>>>> #
> >>>>> # Controls who can get stuff from this server.
> >>>>> #
> >>>>> Order allow,deny
> >>>>> Allow from all
> >>>>>
> >>>>>
> >>>>> ScriptAlias /mailman " /usr/local/mailman/cgi-bin"
> >>>>>
> >>>>> Options ExecCGI
> >>>>> Order allow,deny
> >>>>> Allow from all
> >>>>>
> >>>>> Alias /pipermail "/usr/local/mailman/archives/public"
> >>>>>
> >>>>> Options ExecCGI FollowSymLinks
> >>>>> Order allow,deny
> >>>>> Allow from all
> >>>>> Options Indexes MultiViews
> >>>>> AddDefaultCharset Off
> >>>>> DirectoryIndex index.html
> >>>>>
> >>>>> #
> >>>>>
> >>>>> Seems I am struggling with this.
> >>>>>
> >>>>> Thanks again for all your help. Let's hope someone can spot
> >>>>> something soon. These things are usually caused by a daft error on my
> >>>>> part!!
> >>>>>
> >>>>> David
> >>>>> _______________________________________________
> >>>>
> >>>> Hi David,
> >>>>
> >>>> Can you post a listing of the contents of the directory
> >>>> /usr/local/mailman/archives/public/?
> >>>>
> >>>> Also, please visit
> >>>> http://www.vizion2000.net/pipermail/bps_comp_print_reminders/ and post
> >>>> the request errors from httpd-error.log.
> >>>>
> >>>> Thank you,
> >>>> Greg
> >>>
> >>> Hi Greg
> >>>
> >>> Thanks for staying with this - here is the info you asked for:
> >>>
> >>> dns1# cd /usr/local/mailman/archives/public/
> >>> dns1# ls -l
> >>> total 0
> >>> lrwxr-xr-x 1 www www 55 Dec 19 17:58 bps_comp_print_chat -> /usr/local/mailman/archives/private/bps_comp_print_chat
> >>> lrwxr-xr-x 1 www www 60 Dec 19 17:57 bps_comp_print_reminders -> /usr/local/mailman/archives/private/bps_comp_print_reminders
> >>> lrwxr-xr-x 1 www www 60 Dec 19 17:56 bps_comps_print_announce -> /usr/local/mailman/archives/private/bps_comps_print_announce
> >>> dns1#
> >>>
> >>> error-log shows:
> >>> [Tue Dec 29 17:46:00 2009] [error] [client 62.49.197.50] Symbolic link not allowed or link target not accessible: /usr/local/mailman/archives/public/bps_comp_print_reminders
> >>>
> >>> Sudden thought I had not mentioned:
> >>>
> >>> This server is running SSL
> >>> (Apache/2.2.14 mod_ssl/2.2.14)
> >>>
> >>> Is there any chance that could possibly affect access to the archives??
> >>> Everything else works. Incidentally /usr/local/mailman/ and its
> >>> subdirectories are on a separate physical drive to the document root
> >>> which is
> >>> /usr_www/virtualwebs/vizion2000.net/
> >>> Thanks again
> >>>
> >>> David
> >>
> >> Hi David,
> >>
> >> I don't think it's an issue with the version of Apache, but rather a
> >> permissions issue on your "private" directory.
> >>
> >> The quickest way to determine where the problem lies is by running
> >> Apache inside of truss (http://bit.ly/DFWAr). With the proper command
> >> line arguments, truss should reveal the cause of the "link target not
> >> accessible" error.
> >>
> >> However, you can also try to figure it out by determining the uid/gid of
> >> your Apache processes and inspecting the permissions in the mailman
> >> directory hierarchy.
> >>
> >> Type this:
> >>
> >> egrep '^(Group|User)' /usr/local/etc/apache22/httpd.conf
> >>
> >> Note the results. On my system, it prints:
> >>
> >> User www
> >> Group www
> >>
> >> Next, run each of the following commands in order, noting if any of the
> >> permissions prevent the Apache uid/gid from accessing the directory.
> >>
> >> ls -ld /
> >> ls -ld /usr
> >> ls -ld /usr/local
> >> ls -ld /usr/local/mailman
> >> ls -ld /usr/local/mailman/archives
> >> ls -ld /usr/local/mailman/archives/private
> >> ls -ld /usr/local/mailman/archives/private/bps_comp_print_reminders
> >>
> >> My guess is that you'll find some permissions that need to be loosened
> >> slightly. I'm not familiar with mailman, so I'm assuming that the web
> >> interface scripts run with the uid/gid of the Apache process. If they
> >> don't for some reason, you'll need to know their uid/gid to do this
> >> analysis.
> >
> > Here-tis
> > dns1# egrep '^(Group|User)' /usr/local/etc/apache22/httpd.conf
> > User www
> > Group www
> > dns1# ls -ld /
> > drwxr-xr-x 36 root wheel 1024 Dec 19 11:36 /
> > dns1# ls -ld /
> > drwxr-xr-x 36 root wheel 1024 Dec 19 11:36 /
> > dns1# ls -ld /usr
> > drwxr-xr-x 23 root wheel 512 Dec 12 14:21 /usr
> > dns1# ls -ld /usr/local
> > drwxr-xr-x 27 root wheel 512 Dec 15 15:54 /usr/local
> > dns1# ls -ld /usr/local/mailman
> > drwxrwsr-x 20 mailman mailman 512 Dec 28 13:07 /usr/local/mailman
> > dns1# ls -ld /usr/local/mailman/archives
> > drwxrwsr-x 4 root mailman 512 Dec 28 13:07 /usr/local/mailman/archives
> > dns1# ls -ld /usr/local/mailman/archives/private
> > drwxrws--- 10 mailman mailman 512 Dec 28 15:45 /usr/local/mailman/archives/private
> > dns1# ls -ld /usr/local/mailman/archives/private/bps_comp_print_reminders
> > drwxrwsr-x 2 mailman mailman 512 Dec 19 17:57 /usr/local/mailman/archives/private/bps_comp_print_reminders
> > dns1#
> > david
>
> Hi David,
>
> This directory has a problem if mailman runs its scripts with uid/gid of
> www/www:
>
> drwxrws--- 10 mailman mailman 512 Dec 28 15:45 /usr/local/mailman/archives/private
>
> "Other" users (including www) are prevented from entering that directory.
>
> Have you tried running the check_perms scripts from the mailman package?
> That may help you determine where the problem is. More information can
> be found here, along with some specific info about the permissions for
> the private directory: http://bit.ly/7Ht0rS
>
> Hope that helps,
> Greg
>

Yes I did run the perms script - but that was before I made the changes to
httpd.conf. I have just rerun check_perms and all is now working!!!

You guys have been brilliant - it looks as though the problem was a
combination of errors in ownership of mailman/archives, plus mal-configured
httpd.conf and my apache virtual configuration files. Once I got those sorted
out as a result of all the advice I received, the problem has gone away.

Many thanks

David
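
The directory-by-directory check described in the quoted advice can be automated; the following is an added example, not part of the original thread. It reads either `ls -ld` output (the sample is constructed from the listing quoted above) or the live filesystem, and reports which directories on the path a given user cannot enter. All function names are hypothetical; ACLs and the root bypass are not modelled.

```python
import os, pwd, grp, stat

# Constructed sample: the `ls -ld` lines quoted in the thread, wrapped lines rejoined.
LS_OUTPUT = """\
drwxr-xr-x 36 root wheel 1024 Dec 19 11:36 /
drwxr-xr-x 23 root wheel 512 Dec 12 14:21 /usr
drwxr-xr-x 27 root wheel 512 Dec 15 15:54 /usr/local
drwxrwsr-x 20 mailman mailman 512 Dec 28 13:07 /usr/local/mailman
drwxrwsr-x 4 root mailman 512 Dec 28 13:07 /usr/local/mailman/archives
drwxrws--- 10 mailman mailman 512 Dec 28 15:45 /usr/local/mailman/archives/private
drwxrwsr-x 2 mailman mailman 512 Dec 19 17:57 /usr/local/mailman/archives/private/bps_comp_print_reminders
"""

def parse_ls(text):
    """Turn `ls -ld` lines into (path, mode, owner, group) tuples."""
    fields = (line.split(None, 8) for line in text.splitlines())
    return [(f[8], f[0], f[2], f[3]) for f in fields if len(f) == 9]

def _name(lookup, ident):
    try:
        return lookup(ident)[0]          # field 0 is the user/group name
    except KeyError:
        return str(ident)                # id with no passwd/group entry

def from_fs(path):
    """Same tuples from the live filesystem: resolved path plus every ancestor."""
    path, chain = os.path.realpath(path), []   # realpath follows symlinks
    while True:
        st = os.stat(path)
        chain.append((path, stat.filemode(st.st_mode),
                      _name(pwd.getpwuid, st.st_uid), _name(grp.getgrgid, st.st_gid)))
        if path == os.path.dirname(path):
            return chain[::-1]                 # root first, target last
        path = os.path.dirname(path)

def can_search(mode, owner, group, user, groups):
    """POSIX class selection: owner bits, else group bits, else other bits."""
    if user == owner:
        return mode[3] in "xs"
    if group in groups:
        return mode[6] in "xs"
    return mode[9] in "xt"

def blocked(rows, user, groups):
    """Directories in the chain that `user` cannot enter."""
    return [p for p, m, o, g in rows if m[0] == "d" and not can_search(m, o, g, user, groups)]

if __name__ == "__main__":
    print(blocked(parse_ls(LS_OUTPUT), "www", {"www"}))
```

On a live system, `blocked(from_fs(path), "www", {"www"})` runs the same check against the real directory chain, including the target of a symlink such as the ones under `archives/public`.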