1656765 – mailman is failed to verify admin password once it changed

Bug 1656765 - mailman is failed to verify admin password once it changed

Summary: mailman is failed to verify admin password once it changed

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mailman
Sub Component:
Version:	31
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Pavel Zhukov
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-12-06 09:44 UTC by Pavel Zhukov
Modified:	2020-05-15 02:35 UTC (History)
CC List:	2 users (show)
Fixed In Version:	mailman-2.1.32-2.fc32
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-05-06 09:11:41 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Pavel Zhukov 2018-12-06 09:44:42 UTC

Description of problem:
mmsitepass puts hash of new site password into /etc/mailman/adm.pw file and there're few issues here:
1) file is not owned by any package
2) it has root:root permission thus not readable by mailman group

Version-Release number of selected component (if applicable):
mailman-2.1.29-1.fc28.x86_64

How reproducible:
100%

Steps to Reproduce:
1. install mailman
2. create mailman list 
3. run /usr/lib/mailman/bin/mmsitepass to change password
4. try to create new list

Actual results:
Mailman bug message and traceback in the logs

admin(31191): [----- Traceback ------] 
admin(31191): Traceback (most recent call last):
admin(31191):    File "/usr/lib/mailman/scripts/driver", line 117, in run_main
    main()
admin(31191):    File "/usr/lib/mailman/Mailman/Cgi/create.py", line 66, in main
    process_request(doc, cgidata)
admin(31191):    File "/usr/lib/mailman/Mailman/Cgi/create.py", line 162, in process_request
    ok = Utils.check_global_password(auth)
admin(31191):    File "/usr/lib/mailman/Mailman/Utils.py", line 462, in check_global_password
    challenge = get_global_password(siteadmin)
admin(31191):    File "/usr/lib/mailman/Mailman/Utils.py", line 451, in get_global_password
    fp = open(filename)
admin(31191):  PermissionError: [Errno 13] Permission denied: '/etc/mailman/adm.pw'

Comment 1 Ben Cotton 2019-08-13 17:00:00 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.

Comment 2 Ben Cotton 2019-08-13 18:54:02 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to 31.

Comment 3 Fedora Update System 2020-05-06 09:09:26 UTC

FEDORA-2020-20b748e81e has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-20b748e81e

Comment 4 Fedora Update System 2020-05-07 05:20:52 UTC

FEDORA-2020-20b748e81e has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-20b748e81e`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-20b748e81e

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Fedora Update System 2020-05-15 02:35:34 UTC

FEDORA-2020-20b748e81e has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.