[Mailman-Users] details to finish up

Mark Sapiro mark at msapiro.net
Sat Mar 29 15:58:37 CET 2008


billc wrote:
>
>Public archives aren't visible. I'm getting a permissions error.


What's the message in your web server's error_log?


>I currently have:
>
>drwxrwx--x  9 billc  mailman  306 27 Mar 15:26 private
>
>       drwxrwxr-x  9 root   mailman  306 27 Mar 03:27 discussion
>       drwxrwxr-x  3 root   mailman  102 27 Mar 02:08 discussion.mbox
>       drwxrwsr-x  3 root   mailman  102 23 Mar 12:07 mailman
>       drwxrwsr-x  2 root   mailman   68 23 Mar 12:07 mailman.mbox
>       drwxrwsr-x  9 billc  mailman  306 24 Mar 03:27 testlist
>       drwxrwsr-x  3 billc  mailman  102 24 Mar 01:51 testlist.mbox
>
>drwxrwsr-x  5 billc  mailman  170 27 Mar 15:26 public
>
>       lrwxr-xr-x  1 billc  mailman  46 27 Mar 15:13 discussion -> /usr/local/mailman/archives/private/discussion
>       lrwxr-xr-x  1 billc  mailman  44 23 Mar 12:59 testlist -> /usr/local/mailman/archives/private/testlist
>
>I'm also getting:
>
>Warning: Private archive directory is other-executable (o+x).
>          This could allow other users on your system to read private archives.
>          If you're on a shared multiuser system, you should consult the
>          installation manual on how to fix this.
>
>when running check_perms.
>
>What *should* they be?


The permissions above look mostly correct, but is every directory in
/path/to/archives/ also at least o+x (normally, o+rx)?

Also, archives/private is normally g+s as are its subordinates. It
looks like this changed sometime between the creation of testlist and
the creation of discussion. If archives/private isn't SETGID (g+s), it
is possible that, for example, root could run bin/arch and create
directories and files that aren't group mailman, and these would then
not be writable by mailman.

The warning from check_perms is just a message that you might consider
changing that if you are concerned about non-privileged users with
shell or possibly ftp access to your server being able to see your
private archives, but if you remove the o+x, you also need to make
your web server the owner of the archives/private directory.

See the Warning box at <http://www.list.org/mailman-install/node9.html>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
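
The checks discussed in this message (setgid and group on archives/private and its list directories, o+x on archives/private, o+x on every directory leading to the archives), as an added example that is not part of the original post and is not Mailman's check_perms. The function names are made up for illustration; the group name and default path are the ones shown in the listing above.

```python
import grp
import os
import stat
import sys

GROUP = "mailman"  # group name as shown in the listing in the post

def check_dir(path, mode, group, private_root=False):
    """Findings for one directory, given its st_mode bits and group name."""
    out = []
    if not mode & stat.S_ISGID:
        out.append(f"{path}: not setgid (g+s)")
    if group != GROUP:
        out.append(f"{path}: group is {group}, expected {GROUP}")
    if private_root and mode & stat.S_IXOTH:
        out.append(f"{path}: other-executable (o+x)")
    return out

def missing_other_x(path):
    """Return path and any ancestors that lack o+x (needed for traversal)."""
    missing, cur = [], os.path.abspath(path)
    while True:
        if not os.stat(cur).st_mode & stat.S_IXOTH:
            missing.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            return missing
        cur = parent

def group_name(gid):
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:  # gid without a group database entry
        return str(gid)

def scan(archives):
    """Audit archives/private, its list directories, and the path to archives/public."""
    private = os.path.join(archives, "private")
    subdirs = sorted(e.path for e in os.scandir(private) if e.is_dir(follow_symlinks=False))
    out = []
    for d in [private] + subdirs:
        st = os.stat(d)
        out += check_dir(d, st.st_mode, group_name(st.st_gid), d == private)
    out += [f"{p}: lacks o+x" for p in missing_other_x(os.path.join(archives, "public"))]
    return out

if __name__ == "__main__":
    # Default is the archives path visible in the symlink targets in the post.
    print("\n".join(scan(sys.argv[1] if len(sys.argv) > 1 else "/usr/local/mailman/archives")))
```

An o+x finding on archives/private is the same condition check_perms warns about; whether to act on it depends on the ownership trade-off described in the message.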


