mailman on cPanel

Discussion in 'Apache Migration/Compatibility' started by pizzaman, Sep 19, 2006.

  1. pizzaman

    pizzaman New Member

    Have been running LSWS 2.2.x happily in one busy production cPanel box for a week and no single issue comes up. :)

    Today a customer reports that when he accessed mailman interface through "http://domain1.com/mailman/admindb/list1_domain1.com", he got a 403 Forbidden error. I checked and confirmed his error.

    In httpd.conf:
    Alias /mailman/archives/ /usr/local/cpanel/3rdparty/mailman/archives/public/
    ScriptAlias /mailman/ /usr/local/cpanel/3rdparty/mailman/cgi-bin/

    LSWS access_log:
    1.2.3.4 - - [19/Sep/2006:12:20:23 +0700] "GET /mailman/admindb/list1_domain1.com HTTP/1.1" 404 390 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7"

    LSWS looks for the script in httpd's docroot, and not the full path to ScriptAlias?

    # ls -al /usr/local/cpanel/3rdparty/mailman/cgi-bin/admin*
    -rwxr-sr-x 1 mailman mailman 69676 Jun 3 14:30 /usr/local/cpanel/3rdparty/mailman/cgi-bin/admin*
    -rwxr-sr-x 1 mailman mailman 69708 Jun 3 14:30 /usr/local/cpanel/3rdparty/mailman/cgi-bin/admindb*

    Thanks
  2. mistwang

    mistwang LiteSpeed Staff

    That's because LSWS does not allow setuid or setgid CGI scripts by default. Mailman's CGI script is setgid. I updated the latest 2.2.2 package, please download and install again.

    To make mailman CGI happy, you also need to set "Force GID" under server->"security"->"CGI resource control" to the gid of "nobody" group.

    Please let me know the result.
  3. pizzaman

    pizzaman New Member

    OK, that fixes mailman issue.

    But wouldn't force running CGI as nobody group break other users' CGI scripts in the system?
  4. pizzaman

    pizzaman New Member

    Another issue is that, every customer's script in their /cgi-bin/ is now 404. Everyone's script will always be read from server docroot cgi-bin (/usr/local/apache/cgi-bin/).

    I think this just comes up with the latest version or so.
  5. mistwang

    mistwang LiteSpeed Staff

    Fixed, please download 2.2.2 release again.
    Please let me know the result. :)
  6. pizzaman

    pizzaman New Member

    I'm glad this latest 2.2.2 fixes it.

    - mailman is working ok (needed to force group to nobody)
    - users cgi-bin work again

    I hope this is the last surprise I'm going to get from the latest 2.2.2. ;)

    Thanks!
  7. mistwang

    mistwang LiteSpeed Staff

    That's great!

    I think it is alright, as long as nobody group has no permission to access all users' directories, one user will not able to peek another user's file.
  8. pizzaman

    pizzaman New Member

    Alright, I'll see if this is the last bug ( :) )before we can deploy LSWS in all cPanel boxes. Thanks.

Share This Page