mailman / suexec problems?

[shannon]

Alright, here's one I couldn't find in the search anywhere...

Redhat 7.2 system, clean install + cPanel, using suexec apparently.

Client adds a mailman list to an account, seems to work okay, but going to &Edit& causes an internal server error.

Came here, searched, found &use /scripts/fixmailmanwithsuexec& so I tried that, it did it's little &Found myserver.mydomain.com with responds to ip.ip.ip.ip& routine... but still get the 500 Internal Errors..

so I check /home/apache/logs/suexec_log, and it's got a &Directory Is writable by others!& so I check here, no luck, check google groups, find that suexec won't work on scripts in a directory that is chmod'd 775, only 755... so I change the /cgi-bin directory for mailman to 755... still no love... now it (the suexec log) says &program is either setid or setgid&...

I'll beat on it some more later when I get a few moments, but I wanted to know, Anyone have any luck getting mailman's editor to work properly in a suexec'd rh72 box?

I mean, I had a very similar problem with the random shtml applet.. for that I ended up compiling my own random program and stashing it in the users cgi-bin directory.. but I don't think that's a very good solution with something like mailman?

 

[avara]

We had the same problem with new CPanel installations, and turning off suexec fixed it (you can do that from the WebHost Manager).

Or you can try running:

/scripts/fixmailmanwithsuexec


Hope this helps!

 

[hst]

suexec not supported

Although suexec is active by default it really is not supported and the panels seem to work much better without it. With it enabled you have problems with mailing list, using the server IP for reaching the control panel with shared IP and with loading you site with the server IP for shared IP accounts. Turn it off and all these features work great! Although apache will run fine once you deactivate it, you may want to go back to httpd.conf and remove the lines from each domain that say:
user username
group groupname
or you will see errors when you run the httpd configtest but even with them left in, apache runs fine.

 

[kwimberl]

Shannon, I think turning off suexec is bad advice.

I can't say for sure what the exact problem is with your server at this point, but I am willing to help you figure it out. You can find me on AIM (kwimberl) and I'll help you.

 

[shannon]

Correct me if I'm wrong, but I thought the idea behind SuExec was to make things safer? (Scripts running as the user, NOT as apache, root, nobody or some other variation thereof)...

I did manage to figure out this particular problem.. in case someone else down the road should happen to search here looking for an answer, the problem was my stupidity... I have an account setup on my WHM box for purenrg.com (our domain) but not ALL the *.purenrg.com sites reside there (a few for testing mostly on this box)... I moved servers a few weeks back, and the WHM created a subdomain under the purenrg.com account for srv2.purenrg.com.. anyway, that's what screwed it all up... apache was intercepting requests for srv2.purenrg.com and handling them as if they were a client's account on the box, not as the generic 'catchall' apache account. (it was reading documents out of /home/purenrg/public_html/srv2, not /usr/local/apache/htdocs) Which of course was fine, except that the mailman program alias in apache.conf assumes you're NOT running as a clients Virtual host.

Anyway, scoured out the srv2 virtual host from my apache config, and everything looks good with mailman now.

Now if only I could get the cpanel included random html script to work right under SuExec.

 

[hst]

Well I would have to disagree

suexec never works well with whm and when we have disabled it things work better. I really have seen no benefit with it running. Interestingly that added the option to turn it off now. We use to manually have to do it. It of course is up to you, but I would be interested in hearing anyone that has seen an advantage to suexec that actually works with CP. We have had a ton of problems with it. Messed up our http://serverip/~username/ for shared IP sites before the propogated, messed up mailman mailing list. Messed up being ablet to use the server IP to upload a site prior to propogation. I really don't believe it works anyway so diabling it was a great option for us and we have hundreds of shared clients on multiple servers using cp.

Well thats my take, have a great day!

 

[kwimberl]

We run suexec with CPanel on ALL of our servers. It adds security (as pertains to users running cgi).

As for the problems you mentioned, there are fixes for every one of them...

 

[shaun]

suexec and cpanel run fine... i even turn'd suexec on, on a machine that it was off on by default. Just tail'd the suexec log file for about a hour and fix all the clients out their who dont know 777 on their cgi scripts isnt good.

Suexec is worth it. If you dont run suexec then you have to make that script readable to everyone. And if you do that and it's a stupid simple script then fine but what if it's a bbs or somthign that has passwords stored in it to access mysql. Now you have a client who hates you cats sombody's config.pl and drops their db. Suexec is worth the extra support emails of &why are my cgi scripts not working&

you may also want to put /scripts/fixsuexeccgiscripts in a crontab and have it run every hour or so. If you want. We dont.