[Mailman-Developers] (Maybe) wrong permissions on archives/private/listname/database

Harald Meland Harald.Meland@usit.uio.no
28 Jan 1999 15:07:00 +0100 

First of all: This problem could be occuring because I have messed
things up by not being consistent in the way I upgrade Mailman.  I
have, from time to time, run "make install" and "make update" as root,
mailman or myself.  Yeah, I'm not the most organized person in the
world, I know. :)

Anyway:

My Mailman is configured like this:

  ./configure --prefix=/local/Mailman --without-gcc \
    --with-python=/local/bin/python --with-cgi-gid=nobody \
    --with-mail-gid=mailman

My MTA pipes all the mailman stuff into /local/Mailman/mail/wrapper,
running as the user "mailman" (which has default group "mailman").

For some of my lists, I have this situation:

  $ ls -l archives/private/LISTNAME/
  total 20
  drwxrwsr-x   2 nobody   mailman       512 Dec  1 16:51 1998-December
  -rw-rw-r--   1 nobody   mailman       939 Dec  1 16:51 1998-December.txt
  drwxrwsrwx   2 nobody   mailman       512 Nov 13 18:26 1998-November
  -rw-rw-rw-   1 nobody   mailman      2663 Nov 23 15:32 1998-November.txt
  drwxrwsrwx   2 nobody   mailman       512 Oct 29 15:18 1998-October
  -rw-rw-rw-   1 nobody   mailman      2898 Oct 29 15:18 1998-October.txt
  drwxrwsr-x   2 nobody   mailman       512 Jan 19 14:03 1999-January
  -rw-rw-r--   1 nobody   mailman      2573 Jan 19 14:03 1999-January.txt
  drwx--S---   2 nobody   mailman      2048 Jan 19 14:03 database
  -rw-rw-rw-   1 nobody   mailman      2246 Jan 19 14:03 index.html
  -rw-rw-rw-   1 nobody   mailman       555 Jan 19 14:03 pipermail.pck

Are the permissions/owner on the "database" directory good?  Why are
some of the files world writable?

For some other lists, which seem to have set very similar archival
options to the list above, the owner of the "database" directory are:

  drwx--S---   2 mailman  mailman      1536 Jan 26 14:41 database

or

  drwxrws---   2 nobody   mailman      1536 Jan 20 00:07 database

I suppose pipermail is running as user/group "mailman" when it does
it's job, and that pipermail not getting access to the "database"
directory is a bad thing, right?

Whenever I run "make update" as non-root, I get some warnings of the
type:

  /local/gnu/bin/install: /local/Mailman/Mailman/pythonlib/getpass.py: Permission denied
  Compiling /local/Mailman/Mailman/Archiver/Archiver.py ...
  Sorry: IOError: (13, 'Permission denied')

(which I now have fixed by chowning the necessary files/directories),
and then some like this:

  Listing /local/Mailman/archives/private/LISTNAME/database ...
  Can't list /local/Mailman/archives/private/LISTNAME/database

(which I'm not sure how to, or even *if*I*should*, fix).


So, should "make update" scream louder/suggest manual interaction when
it discovers anomalies like this?  Should there (somewhere) be a
warning about not varying what user you run "make install" and "make
update" as?  And shouldn't "make update" (or something) revoke those
scary world writable permission bits?
-- 
Harald