Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 Dec 2009 18:56:58 +0000
From:      David Southwell <david@vizion2000.net>
To:        glarkin@freebsd.org
Cc:        Boris Kochergin <spawk@acm.poly.edu>, freebsd-ports@freebsd.org
Subject:   Re: mailman web access to archives failure:
Message-ID:  <200912291856.58383.david@vizion2000.net>
In-Reply-To: <4B3A4F43.5040003@FreeBSD.org>
References:  <200912291421.16006.david@vizion2000.net> <200912291837.44103.david@vizion2000.net> <4B3A4F43.5040003@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
> David Southwell wrote:
> >> David Southwell wrote:
> >>>> David Southwell wrote:
> >>>> [...]
> >>>>
> >>>>> Thank you Boris
> >>>>>
> >>>>> After reading your files I changed the httpd.conf to follow your
> >>>>> format but it still did not work :-(.
> >>>>>
> >>>>> Here are my entries:
> >>>>>
> >>>>>
> >>>>> # This should be changed to whatever you set DocumentRoot to.
> >>>>> #
> >>>>> <Directory "/usr_www/virtualwebs/vizion2000.net">
> >>>>>     #
> >>>>>     # Possible values for the Options directive are "None", "All",
> >>>>>     # or any combination of:
> >>>>>     #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI
> >>>>> MultiViews
> >>>>>     #
> >>>>>     # Note that "MultiViews" must be named *explicitly* --- "Options
> >>>>> All" # doesn't give it to you.
> >>>>>     #
> >>>>>     # The Options directive is both complicated and important. 
> >>>>> Please see # http://httpd.apache.org/docs/2.2/mod/core.html#options #
> >>>>> for more information.
> >>>>>     #
> >>>>>     Options Indexes FollowSymLinks
> >>>>>
> >>>>>     #
> >>>>>     # AllowOverride controls what directives may be placed in
> >>>>> .htaccess files. # It can be "All", "None", or any combination of the
> >>>>> keywords: # Options FileInfo AuthConfig Limit
> >>>>>     #
> >>>>>     AllowOverride None
> >>>>>
> >>>>>     #
> >>>>>     # Controls who can get stuff from this server.
> >>>>>     #
> >>>>>     Order allow,deny
> >>>>>     Allow from all
> >>>>>
> >>>>> </Directory>
> >>>>> ScriptAlias /mailman     " /usr/local/mailman/cgi-bin"
> >>>>> <Directory "/usr/local/mailman/cgi-bin/">
> >>>>>         Options ExecCGI
> >>>>>         Order allow,deny
> >>>>>         Allow from all
> >>>>>      </Directory>
> >>>>> Alias /pipermail "/usr/local/mailman/archives/public"
> >>>>> <Directory "/usr/local/mailman/archives/public/">
> >>>>>  Options  ExecCGI FollowSymLinks
> >>>>>        Order allow,deny
> >>>>>           Allow from all
> >>>>> Options Indexes MultiViews
> >>>>>   AddDefaultCharset Off
> >>>>> DirectoryIndex index.html
> >>>>>     </Directory>
> >>>>> #
> >>>>>
> >>>>> Seems I am struggling with this.
> >>>>>
> >>>>> Thanks again for all your help. Lets hope I can someone can spot
> >>>>> something soon. These things are usually caused by a daft error on my
> >>>>> part!!
> >>>>>
> >>>>> David
> >>>>> _______________________________________________
> >>>>
> >>>> Hi David,
> >>>>
> >>>> Can you post a listing of the contents of the directory
> >>>> /usr/local/mailman/archives/public/?
> >>>>
> >>>> Also, please visit
> >>>> http://www.vizion2000.net/pipermail/bps_comp_print_reminders/ and post
> >>>> the request errors from httpd-error.log.
> >>>>
> >>>> Thank you,
> >>>> Greg
> >>>
> >>> Hi Greg
> >>>
> >>> Thanks for staying with this - here is the info you asked for:
> >>>
> >>> dns1# cd /usr/local/mailman/archives/public/
> >>> dns1# ls -l
> >>> total 0
> >>> lrwxr-xr-x  1 www  www  55 Dec 19 17:58 bps_comp_print_chat ->
> >>> /usr/local/mailman/archives/private/bps_comp_print_chat
> >>> lrwxr-xr-x  1 www  www  60 Dec 19 17:57 bps_comp_print_reminders ->
> >>> /usr/local/mailman/archives/private/bps_comp_print_reminders
> >>> lrwxr-xr-x  1 www  www  60 Dec 19 17:56 bps_comps_print_announce ->
> >>> /usr/local/mailman/archives/private/bps_comps_print_announce
> >>> dns1#
> >>>
> >>> error-log shows:
> >>> [Tue Dec 29 17:46:00 2009] [error] [client 62.49.197.50] Symbolic link
> >>> not allowed or link target not accessible:
> >>> /usr/local/mailman/archives/public/bps_comp_print_reminders
> >>>
> >>> Sudden thought I had not mentioned:
> >>>
> >>> This server is running SSL
> >>> (Apache/2.2.14 mod_ssl/2.2.14)
> >>>
> >>> Is there any chance that could possibly affect access to the archives??
> >>> Everything else works. Incidentally /usr/local/mailman/ and its
> >>> subdirectories are on a separate physical drive to the document root
> >>> which is
> >>> /usr_www/virtualwebs/vizion2000.net/
> >>> Thanks again
> >>>
> >>> David
> >>
> >> Hi David,
> >>
> >> I don't think it's an issue with the version of Apache, but rather a
> >> permissions issue on your "private" directory.
> >>
> >> The quickest way to determine where the problem lies is by running
> >> Apache inside of truss (http://bit.ly/DFWAr).  With the proper command
> >> line arguments, truss should reveal the cause of the "link target not
> >> accessible" error.
> >>
> >> However, you can also try to figure it out by determining the uid/gid of
> >> your Apache processes and inspecting the permissions in the mailman
> >> directory hierarchy.
> >>
> >> Type this:
> >>
> >>     egrep '^(Group|User)' /usr/local/etc/apache22/httpd.conf
> >>
> >> Note the results.  On my system, it prints:
> >>
> >>     User www
> >>     Group www
> >>
> >> Next, run each of the following commands in order, noting if any of the
> >> permissions prevent the Apache uid/gid from accessing the directory.
> >>
> >>     ls -ld /
> >>     ls -ld /usr
> >>     ls -ld /usr/local
> >>     ls -ld /usr/local/mailman
> >>     ls -ld /usr/local/mailman/archives
> >>     ls -ld /usr/local/mailman/archives/private
> >>     ls -ld /usr/local/mailman/archives/private/bps_comp_print_reminders
> >>
> >> My guess is that you'll find some permissions that need to be loosened
> >> slightly.  I'm not familiar with mailman, so I'm assuming that the web
> >> interface scripts run with the uid/gid of the Apache process. If they
> >> don't for some reason, you'll need to know their uid/gid to do this
> >> analysis.
> >
> > Here-tis
> > dns1# egrep '^(Group|User)' /usr/local/etc/apache22/httpd.conf
> > User www
> > Group www
> > dns1#  ls -ld /
> > drwxr-xr-x  36 root  wheel  1024 Dec 19 11:36 /
> > dns1#  ls -ld /
> > drwxr-xr-x  36 root  wheel  1024 Dec 19 11:36 /
> > dns1# ls -ld /usr
> > drwxr-xr-x  23 root  wheel  512 Dec 12 14:21 /usr
> > dns1# ls -ld /usr/local
> > drwxr-xr-x  27 root  wheel  512 Dec 15 15:54 /usr/local
> > dns1# ls -ld /usr/local/mailman
> > drwxrwsr-x  20 mailman  mailman  512 Dec 28 13:07 /usr/local/mailman
> > dns1# ls -ld /usr/local/mailman/archives
> > drwxrwsr-x  4 root  mailman  512 Dec 28 13:07 /usr/local/mailman/archives
> > dns1# ls -ld /usr/local/mailman/archives/private
> > drwxrws---  10 mailman  mailman  512 Dec 28 15:45
> > /usr/local/mailman/archives/private
> > dns1# ls -ld /usr/local/mailman/archives/private/bps_comp_print_reminders
> > drwxrwsr-x  2 mailman  mailman  512 Dec 19 17:57
> > /usr/local/mailman/archives/private/bps_comp_print_reminders
> > dns1#
> > david
> 
> Hi David,
> 
> This directory has a problem if mailman runs its scripts with uid/gid of
> www/www:
> 
> drwxrws---  10 mailman  mailman  512 Dec 28 15:45
> /usr/local/mailman/archives/private
> 
> "Other" users (including www) are prevented from entering that directory.
> 
> Have you tried running the check_perms scripts from the mailman package?
>  That may help you determine where the problem is.  More information can
> be found here, along with some specific info about the permissions for
> the private directory: http://bit.ly/7Ht0rS
> 
> Hope that helps,
> Greg
> 
Yes I did run the perms script - but that was before I made the changes to 
httpd.conf . I have just rerun check_perms and all is now working!!!

You guys have been brilliant - it looks as though the problem was a 
combination of errors in ownership of  mailman/archives, plus mal-configured 
httpd.conf and my apache virtual configuration files. Once I got thtose 
soirted out as a result of all the advice I received, the problem has gone 
away.

Many thanks

David



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912291856.58383.david>