Mailman arhives permission problems

During initial test of mailman I found an error with apache web-user and mailman archives.

When setting up archive aliases:

Alias /pipermail/ /var/lib/mailman/archives/public/
 <Directory /var/lib/mailman/archives/public>
 Options Indexes MultiViews FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
 </Directory>

Alias /archives/ /var/lib/mailman/archives/public/
 <Directory /var/lib/mailman/archives/public>
 Options Indexes MultiViews FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
 </Directory>

And navigating to the archieves page, you will get a permission denied error message

[Sun May 27 12:08:24 2012] [error] [client 10.10.16.36] Symbolic link not allowed or link target not accessible: /var/lib/mailman/archives/public/android, referer: http://mail.example.com

After a quick look at the folder

root@mail:/etc/postfix# ls -lR /var/lib/mailman/archives/
 /var/lib/mailman/archives/:
 total 8
 drwxrws--- 4 list list 4096 May 27 12:08 private
 drwxrwsr-x 2 root list 4096 May 27 12:08 public

/var/lib/mailman/archives/private:
 total 8
 drwxrwsr-x 2 root list 4096 May 27 12:08 android
 drwxrwsr-x 2 root list 4096 May 27 12:08 android.mbox

/var/lib/mailman/archives/private/android:
 total 4
 -rw-rw-r-- 1 root list 509 May 27 12:08 index.html

/var/lib/mailman/archives/private/android.mbox:
 total 0

/var/lib/mailman/archives/public:
 total 0

The problem is that the apache web-user (in our case www-data) does’nt have any read rights on the private folder which is symlinked.

root@mail:/etc/postfix# id www-data
 uid=33(www-data) gid=33(www-data) groups=33(www-data)

Two possibilities, either add web-user to list group, or tochange rights on the folder.

Author: S4mur4i

Happy in the unhappy world.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s