[Mailman-Users] Permissions on Symbolic Links Files
Barry Finkel
b19141 at anl.gov
Wed Jul 30 17:08:56 CEST 2008
I wrote (>>):
with Mark Sapiro's comments interspersed (>):
>>I have on my Mailman 2.1.10 production system and my 2.1.11 test system
>>both created from the SourceForge source and installed on Ubuntu dapper
>>via packages I built:
>>
>>mailman% ls -al /var/lib/mailman
>>total 40
>>drwxrwsr-x 10 root list 4096 2007-02-28 11:11 .
>>drwxr-xr-x 22 root root 4096 2008-04-04 13:31 ..
>>lrwxrwxrwx 1 root root 20 2008-06-30 16:13 bin -> /usr/lib/mailman/bin
>>lrwxrwxrwx 1 root root 21 2008-06-30 16:13 cron -> /usr/lib/mailman/cron
>>lrwxrwxrwx 1 root root 24 2008-06-30 16:13 Mailman -> /usr/lib/mailman/Mailman
>>lrwxrwxrwx 1 root root 24 2008-06-30 16:13 scripts -> /usr/lib/mailman/scripts
>><<Non-relevant lines from the "ls -al" listing have been removed.>>
>>mailman%
>>mailman# ls -al /usr/lib/mailman
>>total 36
>>drwxr-xr-x 7 root list 4096 2007-02-28 11:11 .
>>drwxr-xr-x 48 root root 12288 2008-06-09 12:24 ..
>>drwxr-xr-x 2 root list 4096 2008-07-23 14:55 bin
>>drwxr-xr-x 2 root list 4096 2008-07-23 14:55 cron
>>drwxrwsr-x 2 root list 4096 2008-07-23 14:55 mail
>>drwxr-xr-x 11 root list 4096 2008-07-23 14:55 Mailman
>>drwxr-xr-x 2 root list 4096 2008-07-23 14:55 scripts
>>mailman#
>>
>>When I run check_perms it complains:
>>
>> mailman# check_perms
>> directory permissions must be 02775: /var/lib/mailman/Mailman
>> directory permissions must be 02775: /var/lib/mailman/bin
>> directory permissions must be 02775: /var/lib/mailman/cron
>> directory permissions must be 02775: /var/lib/mailman/scripts
>> Problems found: 4
>> Re-run as list (or root) with -f flag to fix
>> mailman#
>>
>>As Mailman is running fine, I do not want to change the permissions
>>on the symbolic links. Is this correct? I have 755 for the permissions
>>on the real files to which the symbolic links point.
>You can't change the permissions on a symlink itself anyway. Any
>attempt to do so will attempt to change the target.
>>Is check_perms reporting on the permissions of the symlinks or the
>>permissions of the real files to which the symbolic links point?
>The targets.
>>What problems would I see if I do not have group write not "02"
>>on these four files?
>Typically these directories are SETGID and group writable. The fact
>that they are not SETGID means that anything created subordinate to
>them will be created with the group of the creator and not the 'list'
>group. In practice the contents of these 4 directories are normally
>only read, so as long as everything is world readable, it will work.
>
>But if you applied a patch to some .py file in the Mailman directory,
>Mailman processes running as group 'list' might not have permission to
>update the corresponding .pyc file.
>
>I have to wonder why you are doing this with symlinks at all. It looks
>like what you really want is to run configure with
>
>--prefix=/usr/lib/mailman (the default), and
>--with-var-prefix=/var/lib/mailman
>
>or something similar.
When I built my Mailman 2.1.9 and .11 packages for Ubuntu dapper,
I took the Ubuntu packaging and made as few changes as possible.
All I wanted was that the files be placed in the correct directories
for Ubuntu. I used the current source, and I removed all of the
Debian/Ubuntu patches except one:
01_defaults.debian.dpatch
that makes three changes to the file Mailman/Defaults.py.in:
-IMAGE_LOGOS = '/icons/'
+IMAGE_LOGOS = '/doc/mailman/images/'
-DEFAULT_URL_PATTERN = 'http://%s/mailman/'
+DEFAULT_URL_PATTERN = 'http://%s/cgi-bin/mailman/'
-PIDFILE = os.path.join(DATA_DIR, 'master-qrunner.pid')
+PIDFILE = "/var/run/mailman/mailman.pid"
The other patch files were source changes that I did not want because
they were undocumented, and I had no idea for which SourceForge code
base they were written. I assumed that the SourceForge source needed
no patches.
In the file
mailman-2.1.11/debian/rules
I made a few changes:
mailman# diff rules rules.original
38c38
< --with-mail-gid=list --with-cgi-gid=www-data \
---
> --with-mail-gid=daemon --with-cgi-gid=www-data \
70,71c70
< # The following line was commented by BSFinkel 07/01/2008.
< # Debian removs pythonlib in error to fix a problem.
< # rmdir debian/$(package)/var/lib/mailman/pythonlib
---
> rmdir debian/$(package)/var/lib/mailman/pythonlib
126,128c125
< # The following line was commented by BSFinkel 07/01/2008 because
< # the directory "admin" does not exist in Mailman 2.1.10 nor .11.
< # cp -a admin/www debian/mailman/usr/share/doc/$(package)/html
---
> cp -a admin/www debian/mailman/usr/share/doc/$(package)/html
mailman#
Of course, the admin line was only commented in 2.1.11, not in 2.1.9.
That rules file has two sections of code:
-----
Makefile:
autoconf
./configure --prefix=/var/lib/$(package) --with-username=list \
--with-groupname=list \
--with-mail-gid=list --with-cgi-gid=www-data \
--without-permcheck --with-mailhost=localhost \
--with-urlhost=localhost
-----
binary-arch: checkroot build
$(checkdir)
# rm -rf debian/mailman && install -d debian/mailman
dh_installdirs
dh_installdocs ACKNOWLEDGMENTS README* TODO BUGS NEWS FAQ
dh_installchangelogs
$(MAKE) doinstall prefix=$$(pwd)/debian/mailman/var/lib/$(package) \
var_prefix=$$(pwd)/debian/mailman/var/lib/$(package) \
icondir=$$(pwd)/debian/mailman/usr/share/images/mailman \
ICONDIR=$$(pwd)/debian/mailman/usr/share/images/mailman
-----
and I did not want to make any changes to the directories into which
Ubuntu/Debian stores the Mailman files.
I am assuming that with a straight Debian/Ubuntu package install the
same symlinks and directories that I have are present therein. Can
someone who has an unmodifed Debian/Ubuntu package for Mailman confirm
this? Thanks.
I ran the fixup:
mailman# check_perms
directory permissions must be 02775: /var/lib/mailman/Mailman
directory permissions must be 02775: /var/lib/mailman/bin
directory permissions must be 02775: /var/lib/mailman/cron
directory permissions must be 02775: /var/lib/mailman/scripts
Problems found: 4
Re-run as list (or root) with -f flag to fix
mailman# check_perms -f
directory permissions must be 02775: /var/lib/mailman/Mailman (fixing)
directory permissions must be 02775: /var/lib/mailman/bin (fixing)
directory permissions must be 02775: /var/lib/mailman/cron (fixing)
directory permissions must be 02775: /var/lib/mailman/scripts (fixing)
Problems found: 4
Re-run as list (or root) with -f flag to fix
mailman# !!
check_perms -f
No problems found
mailman# ls -al /var/lib/mailman/Mailman
lrwxrwxrwx 1 root root 24 2008-06-30 16:13 /var/lib/mailman/Mailman -> /usr/lib/mailman/Mailman
mailman# ls -al /var/lib/mailman/bin
lrwxrwxrwx 1 root root 20 2008-06-30 16:13 /var/lib/mailman/bin -> /usr/lib/mailman/bin
mailman# ls -al /var/lib/mailman/cron
lrwxrwxrwx 1 root root 21 2008-06-30 16:13 /var/lib/mailman/cron -> /usr/lib/mailman/cron
mailman# ls -al /var/lib/mailman/scripts
lrwxrwxrwx 1 root root 24 2008-06-30 16:13 /var/lib/mailman/scripts -> /usr/lib/mailman/scripts
mailman# ls -ald /usr/lib/mailman/Mailman
drwxrwsr-x 11 root list 4096 2008-07-23 14:55 /usr/lib/mailman/Mailman
mailman# ls -ald /usr/lib/mailman/bin
drwxrwsr-x 2 root list 4096 2008-07-23 14:55 /usr/lib/mailman/bin
mailman# ls -ald /usr/lib/mailman/cron
drwxrwsr-x 2 root list 4096 2008-07-23 14:55 /usr/lib/mailman/cron
mailman# ls -ald /usr/lib/mailman/scripts
drwxrwsr-x 2 root list 4096 2008-07-23 14:55 /usr/lib/mailman/scripts
mailman#
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
More information about the Mailman-Users
mailing list