403 error on mailman public archives

[JanKrohn]

Hello,

I have about 10 years experience with cPanel, but I'm new to WHM and SSH (upgraded to a VPS a week ago).

During migration, a couple of Mailman lists were copied over. Now since the VPS has sufficent resources for archives, I switched on archiving on all existing (migrated) lists. However, this is what I get on the archiving page:

"You don't have permission to access /pipermail/kindle_heidoc.net/ on this server."
/http://heidoc.net/pipermail/kindle_heidoc.net//

I also created a new test list, switched on archiving, and it works fine:

"No messages have been posted to this list yet, so the archives are currently empty. You can get more information about this list."
/http://heidoc.net/pipermail/test_heidoc.net/

I already executed check_perm, which apparently fixed lots of permissions, but this issue still persists.

On the previous account, the archives are in the mailman folder, not pipermail:

/http://213.5.177.178/mailman/private/kindle_heidoc.net//

If I go to the private archives on the new account, the archive is displayed...
/http://heidoc.net/mailman/private/kindle_heidoc.net/
Still no public archive though.

Archive folder permissions are the same for migrated lists and newly created list. All public archive folders have permission lrwxrwxrwx, all private archive folders have permission lrwxrwxr-x

So far for my analysis. My web hoster has no further idea on this issue, so they suggsted creating a ticket with WHM. Before I do so, is there any idea about the root cause here?

Best wishes,
Jan

 

[quanin]

I've seen this issue before, however in order to make sure we're talking about the same issue, here's what I'd like to verify.
1: on the list giving you the 403 error, do the following: stat /usr/local/cpanel/3rdparty/mailman/archives/public/kindle_heidoc.net
2: That should, if the migration did what it's supposed to, give you a stat output beginning with: "File: `/usr/local/cpanel/3rdparty/mailman/archives/public/kindle_heidoc.net' -> `/usr/local/cpanel/3rdparty/mailman/archives/private/kindle_heidoc.net'".
3: If the beginning of your stat output doesn't look like this, then that's a large part of our issue--and it's one I've addressed before, and CPanel has reportedly fixed (See also: [Case 46222] Mailman updating private archives but not public ones after a reinstall).
4: If your output looks like my example, then we have a potential other issue that I can try and help you solve.

 

[JanKrohn]

This is the same as in the example you've given me (unless I'm overlooking something).

  File: `/usr/local/cpanel/3rdparty/mailman/archives/public/kindle_heidoc.net' -> `/usr/local/cpanel/3rdparty/mailman/archives/private/kindle_heidoc.net'
  Size: 69              Blocks: 8          IO Block: 4096   symbolic link
Device: 90bbh/37051d    Inode: 80352825    Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (   99/  nobody)   Gid: (32006/ mailman)
Access: 2013-05-07 11:00:11.807549265 -0400
Modify: 2013-05-05 01:22:08.050640314 -0400
Change: 2013-05-05 01:22:08.050640314 -0400

I already came across your case through google research. It seems to be similar.
Where do I find the error log by the way?

Jan

 

[quanin]

You'll find it in /usr/local/apache/logs.

Also: Yes, this is exactly the problem. The fix is fairly simple.
chown mailman:mailman /usr/local/cpanel/3rdparty/mailman/archives/public/kindle_heidoc.net
And then, try accessing the archives. It should do as you ask now.

 

[JanKrohn]

No, still the same... I already restarted mailman and apache, but no difference.

 

[quanin]

Paste your error log output for me? There's a setting or something off somewhere then, likely in your apache config. Its output might help me figure out which one it is.

 

[JanKrohn]

Sure. Here it is:

[Thu May 09 02:12:35 2013] [error] [client 115.178.24.188] Symbolic link not allowed or link target not accessible: /usr/local/cpanel/3rdparty/mailman/archives/public/kindle_heidoc.net
[Thu May 09 02:12:35 2013] [error] [client 115.178.24.188] File does not exist: /home/vicfont/public_html/heidoc/403.shtml

Thanks so much for your help so far!

Jan

- - - Updated - - -

Sure. Here it is:

[Thu May 09 02:12:35 2013] [error] [client 115.178.24.188] Symbolic link not allowed or link target not accessible: /usr/local/cpanel/3rdparty/mailman/archives/public/kindle_heidoc.net
[Thu May 09 02:12:35 2013] [error] [client 115.178.24.188] File does not exist: /home/vicfont/public_html/heidoc/403.shtml

Thanks so much for your help so far!

Jan

 

[quanin]

Alright. In WHM, go to Service Configuration > Apache Configuration > Global Configuration. Make sure both FollowSymLinks and SymLinksIfOwnerMatch are enabled. Also, do a stat on the list directory in mailman/private, just in case CPanel accidentally walked over a configuration when you migrated things. It's been occasionally known to happen.

 

[JanKrohn]

Still unsuccessful... Apache settings were good, and heres the stat output.

[email protected] [/]# stat /usr/local/cpanel/3rdparty/mailman/archives/private/kindle_heidoc.net
  File: `/usr/local/cpanel/3rdparty/mailman/archives/private/kindle_heidoc.net'
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 90bbh/37051d    Inode: 81137809    Links: 5
Access: (2775/drwxrwsr-x)  Uid: (32006/ mailman)   Gid: (32006/ mailman)
Access: 2013-05-09 12:45:01.215799555 -0400
Modify: 2013-05-06 03:27:01.559646893 -0400
Change: 2013-05-08 12:38:19.987549145 -0400

 

[JanKrohn]

cPanel support solved this for me. To fix ownership of the folder, the following line worked:

chown -h mailman.mailman /usr/local/cpanel/3rdparty/mailman/archives/public/kindle_heidoc.net