Date:      Tue, 29 Dec 2009 13:49:39 -0500
From:      Greg Larkin <glarkin@FreeBSD.org>
To:        David Southwell <david@vizion2000.net>
Cc:        Boris Kochergin <spawk@acm.poly.edu>, freebsd-ports@freebsd.org
Subject:   Re: mailman web access to archives failure:
Message-ID:  <4B3A4F43.5040003@FreeBSD.org>
In-Reply-To: <200912291837.44103.david@vizion2000.net>
References:  <200912291421.16006.david@vizion2000.net> <200912291754.27503.david@vizion2000.net> <4B3A48E2.2060108@FreeBSD.org> <200912291837.44103.david@vizion2000.net>

David Southwell wrote:
>> David Southwell wrote:
>>>> David Southwell wrote:
>>>> [...]
>>>>
>>>>> Thank you Boris
>>>>>
>>>>> After reading your files I changed the httpd.conf to follow your format
>>>>> but it still did not work :-(.
>>>>>
>>>>> Here are my entries:
>>>>>
>>>>>
>>>>> # This should be changed to whatever you set DocumentRoot to.
>>>>> #
>>>>> <Directory "/usr_www/virtualwebs/vizion2000.net">
>>>>>     #
>>>>>     # Possible values for the Options directive are "None", "All",
>>>>>     # or any combination of:
>>>>>     #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
>>>>>     #
>>>>>     # Note that "MultiViews" must be named *explicitly* --- "Options All"
>>>>>     # doesn't give it to you.
>>>>>     #
>>>>>     # The Options directive is both complicated and important.  Please see
>>>>>     # http://httpd.apache.org/docs/2.2/mod/core.html#options
>>>>>     # for more information.
>>>>>     #
>>>>>     Options Indexes FollowSymLinks
>>>>>
>>>>>     #
>>>>>     # AllowOverride controls what directives may be placed in .htaccess files.
>>>>>     # It can be "All", "None", or any combination of the keywords:
>>>>>     #   Options FileInfo AuthConfig Limit
>>>>>     #
>>>>>     AllowOverride None
>>>>>
>>>>>     #
>>>>>     # Controls who can get stuff from this server.
>>>>>     #
>>>>>     Order allow,deny
>>>>>     Allow from all
>>>>>
>>>>> </Directory>
>>>>> ScriptAlias /mailman     " /usr/local/mailman/cgi-bin"
>>>>> <Directory "/usr/local/mailman/cgi-bin/">
>>>>>         Options ExecCGI
>>>>>         Order allow,deny
>>>>>         Allow from all
>>>>>      </Directory>
>>>>> Alias /pipermail "/usr/local/mailman/archives/public"
>>>>> <Directory "/usr/local/mailman/archives/public/">
>>>>>  Options  ExecCGI FollowSymLinks
>>>>>        Order allow,deny
>>>>>           Allow from all
>>>>> Options Indexes MultiViews
>>>>>   AddDefaultCharset Off
>>>>> DirectoryIndex index.html
>>>>>     </Directory>
>>>>> #
>>>>>
>>>>> Seems I am struggling with this.
>>>>>
>>>>> Thanks again for all your help. Let's hope someone can spot
>>>>> something soon. These things are usually caused by a daft error on my
>>>>> part!!
>>>>>
>>>>> David
>>>>> _______________________________________________
>>>> Hi David,
>>>>
>>>> Can you post a listing of the contents of the directory
>>>> /usr/local/mailman/archives/public/?
>>>>
>>>> Also, please visit
>>>> http://www.vizion2000.net/pipermail/bps_comp_print_reminders/ and post
>>>> the request errors from httpd-error.log.
>>>>
>>>> Thank you,
>>>> Greg
>>> Hi Greg
>>>
>>> Thanks for staying with this - here is the info you asked for:
>>>
>>> dns1# cd /usr/local/mailman/archives/public/
>>> dns1# ls -l
>>> total 0
>>> lrwxr-xr-x  1 www  www  55 Dec 19 17:58 bps_comp_print_chat -> /usr/local/mailman/archives/private/bps_comp_print_chat
>>> lrwxr-xr-x  1 www  www  60 Dec 19 17:57 bps_comp_print_reminders -> /usr/local/mailman/archives/private/bps_comp_print_reminders
>>> lrwxr-xr-x  1 www  www  60 Dec 19 17:56 bps_comps_print_announce -> /usr/local/mailman/archives/private/bps_comps_print_announce
>>> dns1#
>>>
>>> error-log shows:
>>> [Tue Dec 29 17:46:00 2009] [error] [client 62.49.197.50] Symbolic link not allowed or link target not accessible: /usr/local/mailman/archives/public/bps_comp_print_reminders
>>>
>>> Sudden thought I had not mentioned:
>>>
>>> This server is running SSL
>>> (Apache/2.2.14 mod_ssl/2.2.14)
>>>
>>> Is there any chance that could possibly affect access to the archives??
>>> Everything else works. Incidentally /usr/local/mailman/ and its
>>> subdirectories are on a separate physical drive to the document root which is
>>> /usr_www/virtualwebs/vizion2000.net/
>>> Thanks again
>>>
>>> David
>> Hi David,
>>
>> I don't think it's an issue with the version of Apache, but rather a
>> permissions issue on your "private" directory.
>>
>> The quickest way to determine where the problem lies is by running
>> Apache inside of truss (http://bit.ly/DFWAr).  With the proper command
>> line arguments, truss should reveal the cause of the "link target not
>> accessible" error.
>>
>> However, you can also try to figure it out by determining the uid/gid of
>> your Apache processes and inspecting the permissions in the mailman
>> directory hierarchy.
>>
>> Type this:
>>
>>     egrep '^(Group|User)' /usr/local/etc/apache22/httpd.conf
>>
>> Note the results.  On my system, it prints:
>>
>>     User www
>>     Group www
>>
>> Next, run each of the following commands in order, noting if any of the
>> permissions prevent the Apache uid/gid from accessing the directory.
>>
>>     ls -ld /
>>     ls -ld /usr
>>     ls -ld /usr/local
>>     ls -ld /usr/local/mailman
>>     ls -ld /usr/local/mailman/archives
>>     ls -ld /usr/local/mailman/archives/private
>>     ls -ld /usr/local/mailman/archives/private/bps_comp_print_reminders
>>
>> My guess is that you'll find some permissions that need to be loosened
>> slightly.  I'm not familiar with mailman, so I'm assuming that the web
>> interface scripts run with the uid/gid of the Apache process. If they
>> don't for some reason, you'll need to know their uid/gid to do this
>> analysis.
>>
> 
> Here-tis 
> dns1# egrep '^(Group|User)' /usr/local/etc/apache22/httpd.conf
> User www
> Group www
> dns1#  ls -ld /
> drwxr-xr-x  36 root  wheel  1024 Dec 19 11:36 /
> dns1#  ls -ld /
> drwxr-xr-x  36 root  wheel  1024 Dec 19 11:36 /
> dns1# ls -ld /usr
> drwxr-xr-x  23 root  wheel  512 Dec 12 14:21 /usr
> dns1# ls -ld /usr/local
> drwxr-xr-x  27 root  wheel  512 Dec 15 15:54 /usr/local
> dns1# ls -ld /usr/local/mailman
> drwxrwsr-x  20 mailman  mailman  512 Dec 28 13:07 /usr/local/mailman
> dns1# ls -ld /usr/local/mailman/archives
> drwxrwsr-x  4 root  mailman  512 Dec 28 13:07 /usr/local/mailman/archives
> dns1# ls -ld /usr/local/mailman/archives/private
> drwxrws---  10 mailman  mailman  512 Dec 28 15:45 /usr/local/mailman/archives/private
> dns1# ls -ld /usr/local/mailman/archives/private/bps_comp_print_reminders
> drwxrwsr-x  2 mailman  mailman  512 Dec 19 17:57 /usr/local/mailman/archives/private/bps_comp_print_reminders
> dns1#
> david

Hi David,

This directory has a problem if mailman runs its scripts with uid/gid of
www/www:

drwxrws---  10 mailman  mailman  512 Dec 28 15:45 /usr/local/mailman/archives/private

"Other" users (including www) are prevented from entering that directory.

Have you tried running the check_perms scripts from the mailman package?
That may help you determine where the problem is.  More information can
be found here, along with some specific info about the permissions for
the private directory: http://bit.ly/7Ht0rS

Hope that helps,
Greg
--
Greg Larkin

http://www.FreeBSD.org/           - The Power To Serve
http://www.sourcehosting.net/     - Ready. Set. Code.
http://twitter.com/sourcehosting/ - Follow me, follow you
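
Added example (not part of Greg's message and not mailman or Apache code): a Python version of the per-component `ls -ld` walk described above, which reports the first directory a given uid/gid cannot enter. It assumes plain mode bits only (no ACLs or MAC policy), and the script name `pathcheck.py` is hypothetical.

```python
import os
import stat
import sys


def can_search(mode, owner, group, uid, gids):
    """Classic UNIX check: only the first matching class (user, group, other) counts."""
    if uid == 0:
        return True  # root bypasses directory search permission
    if uid == owner:
        return bool(mode & stat.S_IXUSR)
    if group in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def walk_components(path, uid, gids):
    """Return (directory, mode string, searchable) for every directory from / down.

    Symlinks are resolved first, so a link under archives/public is judged by
    the directories on the way to its real target under archives/private.
    """
    report = []
    current = os.sep
    for part in [""] + [p for p in os.path.realpath(path).split(os.sep) if p]:
        current = os.path.join(current, part)
        st = os.stat(current)  # run as root so the caller itself is not blocked
        if not stat.S_ISDIR(st.st_mode):
            break
        ok = can_search(st.st_mode, st.st_uid, st.st_gid, uid, gids)
        report.append((current, stat.filemode(st.st_mode), ok))
    return report


def first_blocked(path, uid, gids):
    """Return (directory, mode string) of the first component the user cannot enter."""
    for directory, mode, ok in walk_components(path, uid, gids):
        if not ok:
            return directory, mode
    return None


if __name__ == "__main__":
    import pwd
    # Assumed invocation: python3 pathcheck.py <user> <path>
    user = pwd.getpwnam(sys.argv[1])
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for directory, mode, ok in walk_components(sys.argv[2], user.pw_uid, gids):
        print(f"{mode} {'ok     ' if ok else 'BLOCKED'} {directory}")
```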