6.17. Apache+Suexec

When your Apache is configured with suexec enabled, you have to choose either the correct location when installing Mailman (under suexec_docroot) or recompile Apache to suit your installation needs.

I chose a compromise:

1. Recompile Apache with --suexec-docroot=/home 2. Install Mailman under /home/mailman

When configuring Mailman, choose --with-cgi-gid=mailman (not the usual group 'www' for virtual hosts)

After installation of Mailman, some permissions have to be altered:

 - $prefix/cgi-bin* should be owned by mailman:mailman
 - $prefix/cgi-bin shouldn't have group-write-access (suexec doesn't like that)
 - disable cgi-scripts' setgid-bit (suexec doesn't like that)

 # chown mailman:mailman $prefix/cgi-bin*
 # chmod g-w $prefix/cgi-bin
 # chmod g-s $prefix/cgi-bin/*

Ok, then you can add specific virtual hosts for list administration:

 <VirtualHost YOUR_IP>
 ServerName      list.somehost.de
 ServerAlias     list.somehost.de
 ...

 SuexecUserGroup mailman mailman <-- this one is important

 #
 # Mailman Section
 #
 ScriptAlias     /mailman/       /home/mailman/cgi-bin/
 Alias           /pipermail/     /home/mailman/archives/public/

 <Directory "/home/mailman/archives/public/">
  AddDefaultCharset off
 </Directory>

 </VirtualHost>

It worked fine for me, and I hope it will for others

Note: the above describes a way to make Mailman work withe suEXEC with a single domain. Due to fundamental differences between Mailman's security model and that of suEXEC it is very difficult and kludgy to make it it work with multiple Mailman domains.

This is one of many Frequently Asked Questions.

MailmanWiki: DOC/Apache+Suexec (last edited 2010-01-24 08:03:19 by msapiro)