You don’t have permission to access /pipermail/bsdcan-announce/ on this server – mailman

Leave a Comment / Mailman, Open Source / By

I ran into this problem today and spent about 2 hours trying to figure out what went wrong. I composed an email to the Mailman mailing list and never sent it, because I solved the problem.

Here is that email:

Subject: Cannot view archives via website

Hello,

I think this is solved, but I’m posting anyway.

I *think* the issue is one of permission: Apache, running as user www, cannot access the private directories. The symlink is correct. I also think I have a correct solution, but I’m writing to get a second opinion on this.

Versions in use:

  1. apache22-2.2.29_2
  2. mailman-2.1.18.1_5
  3. python27-2.7.9

This issue has arisen on a long established Mailman installation. My guess is recent upgrade (perhaps Mailman & Apache) have given rise to the problem. The issue affects all lists on this server, which hosts multiple domains.

The issue can be viewed at http://lists.bsdcan.org/pipermail/bsdcan-announce/ & http://lists.pgcon.org/pipermail/pgcon-announce/ where you will see:

Forbidden

You don't have permission to access /pipermail/bsdcan-announce/ on this server.

The error messages are:

*** lists.bsdcan.org-access.log ***
10.0.0.1 - - [06/Jan/2015:00:13:32 +0000] "GET /pipermail/bsdcan-announce/ HTTP/1.1" 403 228 "http://lists.bsdcan.org/mailman/listinfo/bsdcan-announce" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"

*** lists.bsdcan.org-error.log ***
[Tue Jan 06 00:13:32 2015] [error] [client 10.0.0.1] Symbolic link not allowed or link target not accessible: /usr/local/mailman/archives/public/bsdcan-announce, referer: http://lists.bsdcan.org/mailman/listinfo/bsdcan-announce

Some permissions from /usr/local/mailman/archives/public:

# ls -ld . bsdcan-announce pgcon-announce
drwxrwsr-x  2 root  mailman  512 Jan  5 22:36 .
lrwxr-xr-x  1 root  mailman   51 Jan  5 22:28 bsdcan-announce -> /usr/local/mailman/archives/private/bsdcan-announce
lrwxr-xr-x  1 root  mailman   50 Nov 28  2006 pgcon-announce -> /usr/local/mailman/archives/private/pgcon-announce

Each Apache vhost contains this:

  <Directory "/usr/local/mailman/archives/public">
    AllowOverride None
    Options Indexes FollowSymlinks MultiViews
    Order allow,deny
    Allow from all
  </Directory>

I have verified permissions:

# bin/check_perms 
No problems found

My solution: chown www /usr/local/mailman/archives/private

Good? Bad?

FYI, check_perms is OK with that.

Based on http://www.gnu.org/software/mailman/mailman-install/node9.html it seems to be the right thing to do.


Dan Langille
http://langille.org/

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive

Leave a Comment

Scroll to Top