[Mailman-Users] details to finish up
Mark Sapiro
mark at msapiro.net
Sat Mar 29 15:58:37 CET 2008
billc wrote:
>
>Public archives aren't visible. I'm getting a permssions error.
What's the message in your web server's error_log?
>I
>currently have:
>
>drwxrwx--x 9 billc mailman 306 27 Mar 15:26 private
>
> drwxrwxr-x 9 root mailman 306 27 Mar 03:27 discussion
> drwxrwxr-x 3 root mailman 102 27 Mar 02:08 discussion.mbox
> drwxrwsr-x 3 root mailman 102 23 Mar 12:07 mailman
> drwxrwsr-x 2 root mailman 68 23 Mar 12:07 mailman.mbox
> drwxrwsr-x 9 billc mailman 306 24 Mar 03:27 testlist
> drwxrwsr-x 3 billc mailman 102 24 Mar 01:51 testlist.mbox
>
>drwxrwsr-x 5 billc mailman 170 27 Mar 15:26 public
>
> lrwxr-xr-x 1 billc mailman 46 27 Mar 15:13 discussion ->
>/usr/local/mailman/archives/private/discussion
> lrwxr-xr-x 1 billc mailman 44 23 Mar 12:59 testlist ->
>/usr/local/mailman/archives/private/testlist
>
>I"m also getting:
>
>Warning: Private archive directory is other-executable (o+x).
> This could allow other users on your system to read private archives.
> If you're on a shared multiuser system, you should consult the
> installation manual on how to fix this.
>
>when running check_perms.
>
>What *should* they be?
The permissions above look mostly correct, but is every directory in
/path/to/archives/ also at least o+x (normally, o+rx).
Also, archives/private is normally g+s as are it's subordinates. It
looks like this changed sometime between the creation of testlist and
the creation of discussion. If archives/private isn't SETGID (g+s), it
is possible that, for example, root could run bin/arch and create
directories and files that aren't group mailman, and these would then
not be writable by mailman.
The warning from check_perms is just a message that you might consider
changing that if you are concerned about non-privileged users with
shell or possibly ftp access to your server being able to see your
private archives, but if you remove the o+x, you also need to make
your web server the owner of the archives/private directory.
See the Warning box at <http://www.list.org/mailman-install/node9.html>.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list