From owner-freebsd-ports@FreeBSD.ORG  Tue Dec 29 18:22:37 2009
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5DA9B1065670
	for <freebsd-ports@freebsd.org>; Tue, 29 Dec 2009 18:22:37 +0000 (UTC)
	(envelope-from glarkin@FreeBSD.org)
Received: from mail1.sourcehosting.net (113901-app1.sourcehosting.net
	[72.32.213.11]) by mx1.freebsd.org (Postfix) with ESMTP id 370858FC1E
	for <freebsd-ports@freebsd.org>; Tue, 29 Dec 2009 18:22:37 +0000 (UTC)
Received: from 68-189-245-235.dhcp.oxfr.ma.charter.com ([68.189.245.235]
	helo=cube.entropy.prv)
	by mail1.sourcehosting.net with esmtp (Exim 4.69 (FreeBSD))
	(envelope-from <glarkin@FreeBSD.org>)
	id 1NPgiE-000865-D0; Tue, 29 Dec 2009 13:22:36 -0500
Received: from [127.0.0.1] (fireball.entropy.prv [192.168.1.12])
	by cube.entropy.prv (Postfix) with ESMTP
	id 4718D396097A; Tue, 29 Dec 2009 13:22:30 -0500 (EST)
Message-ID: <4B3A48E2.2060108@FreeBSD.org>
Date: Tue, 29 Dec 2009 13:22:26 -0500
From: Greg Larkin <glarkin@FreeBSD.org>
Organization: The FreeBSD Project
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: David Southwell <david@vizion2000.net>
References: <200912291421.16006.david@vizion2000.net>
	<200912291647.42874.david@vizion2000.net>
	<4B3A3F14.40601@FreeBSD.org>
	<200912291754.27503.david@vizion2000.net>
In-Reply-To: <200912291754.27503.david@vizion2000.net>
X-Enigmail-Version: 0.96.0
OpenPGP: id=1C940290
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Score: -0.4 (/)
Cc: Boris Kochergin <spawk@acm.poly.edu>, freebsd-ports@freebsd.org
Subject: Re: mailman web access to archives failure:
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: glarkin@FreeBSD.org
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Dec 2009 18:22:37 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Southwell wrote:
>> David Southwell wrote:
>> [...]
>>
>>> Thank you Boris
>>>
>>> After reading your files I changed the httpd.conf to follow your format
>>> but it still did not work :-(.
>>>
>>> Here are my entries:
>>>
>>>
>>> # This should be changed to whatever you set DocumentRoot to.
>>> #
>>> <Directory "/usr_www/virtualwebs/vizion2000.net">
>>>     #
>>>     # Possible values for the Options directive are "None", "All",
>>>     # or any combination of:
>>>     #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI
>>> MultiViews
>>>     #
>>>     # Note that "MultiViews" must be named *explicitly* --- "Options All"
>>>     # doesn't give it to you.
>>>     #
>>>     # The Options directive is both complicated and important.  Please
>>> see # http://httpd.apache.org/docs/2.2/mod/core.html#options
>>>     # for more information.
>>>     #
>>>     Options Indexes FollowSymLinks
>>>
>>>     #
>>>     # AllowOverride controls what directives may be placed in .htaccess
>>> files. # It can be "All", "None", or any combination of the keywords: #  
>>> Options FileInfo AuthConfig Limit
>>>     #
>>>     AllowOverride None
>>>
>>>     #
>>>     # Controls who can get stuff from this server.
>>>     #
>>>     Order allow,deny
>>>     Allow from all
>>>
>>> </Directory>
>>> ScriptAlias /mailman     " /usr/local/mailman/cgi-bin"
>>> <Directory "/usr/local/mailman/cgi-bin/">
>>>         Options ExecCGI
>>>         Order allow,deny
>>>         Allow from all
>>>      </Directory>
>>> Alias /pipermail "/usr/local/mailman/archives/public"
>>> <Directory "/usr/local/mailman/archives/public/">
>>>  Options  ExecCGI FollowSymLinks
>>>        Order allow,deny
>>>           Allow from all
>>> Options Indexes MultiViews
>>>   AddDefaultCharset Off
>>> DirectoryIndex index.html
>>>     </Directory>
>>> #
>>>
>>> Seems I am struggling with this.
>>>
>>> Thanks again for all your help. Lets hope I can someone can spot
>>> something soon. These things are usually caused by a daft error on my
>>> part!!
>>>
>>> David
>>> _______________________________________________
>> Hi David,
>>
>> Can you post a listing of the contents of the directory
>> /usr/local/mailman/archives/public/?
>>
>> Also, please visit
>> http://www.vizion2000.net/pipermail/bps_comp_print_reminders/ and post
>> the request errors from httpd-error.log.
>>
>> Thank you,
>> Greg
>>
> 
> Hi Greg
> 
> Thanks for staying with this - here is the info you asked for:
> 
> dns1# cd /usr/local/mailman/archives/public/
> dns1# ls -l
> total 0
> lrwxr-xr-x  1 www  www  55 Dec 19 17:58 bps_comp_print_chat -> 
> /usr/local/mailman/archives/private/bps_comp_print_chat
> lrwxr-xr-x  1 www  www  60 Dec 19 17:57 bps_comp_print_reminders -> 
> /usr/local/mailman/archives/private/bps_comp_print_reminders
> lrwxr-xr-x  1 www  www  60 Dec 19 17:56 bps_comps_print_announce -> 
> /usr/local/mailman/archives/private/bps_comps_print_announce
> dns1#
> 
> error-log shows:
> [Tue Dec 29 17:46:00 2009] [error] [client 62.49.197.50] Symbolic link not 
> allowed or link target not accessible: 
> /usr/local/mailman/archives/public/bps_comp_print_reminders
> 
> Sudden thought I had not mentioned:
> 
> This server is running SSL
> (Apache/2.2.14 mod_ssl/2.2.14)
> 
> Is there any chance that could possibly affect access to the archives?? 
> Everything else works. Incidentally /usr/local/mailman/ and its subdirectories 
> are on a separate physical drive to the document root  which is 
> /usr_www/virtualwebs/vizion2000.net/
> Thanks again
> 
> David
> 

Hi David,

I don't think it's an issue with the version of Apache, but rather a
permissions issue on your "private" directory.

The quickest way to determine where the problem lies is by running
Apache inside of truss (http://bit.ly/DFWAr).  With the proper command
line arguments, truss should reveal the cause of the "link target not
accessible" error.

However, you can also try to figure it out by determining the uid/gid of
your Apache processes and inspecting the permissions in the mailman
directory hierarchy.

Type this:

    egrep '^(Group|User)' /usr/local/etc/apache22/httpd.conf

Note the results.  On my system, it prints:

    User www
    Group www

Next, run each of the following commands in order, noting if any of the
permissions prevent the Apache uid/gid from accessing the directory.

    ls -ld /
    ls -ld /usr
    ls -ld /usr/local
    ls -ld /usr/local/mailman
    ls -ld /usr/local/mailman/archives
    ls -ld /usr/local/mailman/archives/private
    ls -ld /usr/local/mailman/archives/private/bps_comp_print_reminders

My guess is that you'll find some permissions that need to be loosened
slightly.  I'm not familiar with mailman, so I'm assuming that the web
interface scripts run with the uid/gid of the Apache process. If they
don't for some reason, you'll need to know their uid/gid to do this
analysis.

Hope that helps,
Greg
- --
Greg Larkin

http://www.FreeBSD.org/           - The Power To Serve
http://www.sourcehosting.net/     - Ready. Set. Code.
http://twitter.com/sourcehosting/ - Follow me, follow you
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFLOkji0sRouByUApARAmlUAJ9v+HKwlllXYQh9HRbZvuLM2KVZGgCeLD9c
XJhoR0mJ/dP4s9ejjwJSJWo=
=b1wR
-----END PGP SIGNATURE-----