[Mailman-Users] private and public archive directory permissions

Mark Sapiro mark at msapiro.net
Mon Jul 13 03:54:16 CEST 2015 

On 7/12/15 5:58 PM, Noah wrote:
> 
> I migrated to a new server and I am back again with permission issues.
> I am running apache2 on an ubuntu 14.04 server.
> 
> is there a good tutorial out there that explains the best practices for
> ownership for the different directories and sub-directories


Everything should be in Mailman's group ('mailman' or '_mailman' or
maybe 'list' in your case) and all the directories and the cgi and mail
compiled wrappers should be SETGID.

See the FAQ at <http://wiki.list.org/x/4030645>.


> I run check_perms -f as root and some of the same directories still need
> correcting even after running 'check_perms -f' as root many times.


check_perms gets confused by symlinks. It checks and complains about the
group and permissions of the symlink itself which are really irrelevant.
When fixing, it actually fixes the target which is what you want, but
next time it will complain again because it is still looking at the
symlink. Bottom line is ignore the errors it reports about symlinks.


> I have a list user and a mailman user and group that I moved over from
> my old server.   Apache2 is running as www-data .


In your Debian/Ubuntu package, Mailman's user:group are list:list.


> I am using mbox is that matters.
> 
> here is some config:
> 
> /var/lib/mailman/archives $ ls -l
> total 8.0K
> drwxrws--x 110 mailman 4.0K Jul  4 22:44 private/
> drwxrwsr-x   2 mailman 4.0K Jun  2  2012 public/


Is 'mailman' the owner or group? Perhaps these came from another system,
but for the Ubuntu package if that's what you're using, group should be
'list'.


> /etc/apache2/conf-enabled $ ls -l mailman.conf
> lrwxrwxrwx 1 root 30 Jul 13 00:52 mailman.conf ->
> ../conf-available/mailman.conf
> 
> 
> 
> /etc/apache2/conf-enabled $ cat ../conf-available/mailman.conf
> 
> Alias /pipermail/ /var/lib/mailman/archives/public/
> Alias /images/mailman/ /usr/share/images/mailman/
> ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
> <Directory /usr/lib/cgi-bin/mailman/>
>      AllowOverride None
>      Options ExecCGI
>      AddHandler cgi-script .cgi
>      Order allow,deny
>      Allow from all
> </Directory>
> <Directory /var/lib/mailman/archives/public/>
>      Options Indexes FollowSymlinks
>      AllowOverride None
>      Order allow,deny
>      Allow from all
> </Directory>
> <Directory /usr/share/images/mailman/>
>      AllowOverride None
>      Order allow,deny
>      Allow from all
> </Directory>


This looks OK.

What exactly is your problem? Is there actually something that doesn't
work? If so, what?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list