On Wed, May 9, 2012 at 12:17 AM, Mark Sapiro <m...@msapiro.net> wrote:
> On 5/8/2012 8:22 PM, David wrote:
> >
> > On Tue, May 8, 2012 at 9:34 PM, Mark Sapiro <m...@msapiro.net
> > <mailto:m...@msapiro.net>> wrote:
> >
> > >     What about newly archived messages. Presumably, those are not owned by
> > >     www-data. Can you access them?
> >
> > They are owned by www-data and I can access them. The reason they are
> > owned by www-data is because of the directory permissions the
> > "bin/check_perms -f" command created:
> >
> > drwxrwsr-x 2 www-data list 4096 May 8 22:42 .
> >
> > The group "s" permission, which the check_perms script set, does the
> > following:
> >
> >     If the SGID (Set Group Identification) attribute is set on a
> >     directory, files created in that directory inherit its group ownership.
>
> Yes, and what that means is that created subordinate directories will be
> group 'list' and SETGID, and created subordinated files will be group 'list'
>
> But, the owner, not the group, will be the id of the user that created
> them which for archived files will normally be 'list' not 'www-data'
> because the files are created by ArchRunner, not by the web server.
>
> So, back to my original questions. What is the ownership of files
> archived after you ran your 'chown -R', and can you access them, and
> what were the ownership and permissions of some example archived
> messages and their containing directories before you changed them?
>
> --

Yes, I can access all the archived messages now, as expected. You are right about the ownership. In checking again, I can access files from the listing below regardless of whether the owner is www-data or list.

I did not change any permissions directly. I ran the check_perms script. It fixed over 200 items, but would not fix 12 items. Re-running it several times would not fix those remaining items (I assume because they were all symlinks).
So I fixed the symlinks manually, such as:

chgrp -h list /var/lib/mailman/templates

After fixing the remaining group ownerships in this way, I ran check_perms again and it reported no problems. But then I was unable to access the public archives. That's when I changed ownership with:

chown -R www-data /var/lib/mailman/archives/private

As soon as I ran that command, I was able to access the archives again. I can't say absolutely what the group ownership was prior to that, but I think the owner was list and group was list, judging from the directory listing below.

root@localhost:/var/lib/mailman/archives/private# ls -la list/2012-May
total 432
drwxrwsr-x 2 www-data list 4096 May 8 22:42 .
drwxrwsr-x 5 www-data list 4096 May 8 03:27 ..
-rw-rw-r-- 1 www-data list 11654 May 7 22:22 000000.html
-rw-rw-r-- 1 www-data list 8492 May 8 02:18 000001.html
-rw-rw-r-- 1 www-data list 14475 May 8 18:54 000002.html
-rw-rw-r-- 1 www-data list 2865 May 8 18:54 000003.html
-rw-rw-r-- 1 www-data list 3390 May 8 18:54 000004.html
-rw-rw-r-- 1 www-data list 4521 May 8 18:54 000005.html
-rw-rw-r-- 1 www-data list 3790 May 8 02:18 000006.html
-rw-rw-r-- 1 www-data list 11299 May 8 18:54 000007.html
-rw-rw-r-- 1 www-data list 4833 May 8 02:18 000008.html
-rw-rw-r-- 1 www-data list 3134 May 8 18:54 000009.html
-rw-rw-r-- 1 www-data list 5923 May 8 18:54 000010.html
-rw-rw-r-- 1 www-data list 8348 May 8 02:18 000011.html
-rw-rw-r-- 1 www-data list 3847 May 8 18:54 000012.html
-rw-rw-r-- 1 www-data list 20422 May 8 18:54 000013.html
-rw-rw-r-- 1 www-data list 3687 May 8 18:54 000014.html
-rw-rw-r-- 1 www-data list 5147 May 8 18:54 000015.html
-rw-rw-r-- 1 www-data list 4133 May 8 18:54 000016.html
-rw-rw-r-- 1 www-data list 6029 May 8 18:54 000017.html
-rw-rw-r-- 1 www-data list 5171 May 8 18:54 000018.html
-rw-rw-r-- 1 www-data list 3434 May 8 18:54 000019.html
-rw-rw-r-- 1 www-data list 5875 May 8 18:54 000020.html
-rw-rw-r-- 1 www-data list 3533 May 8 18:54 000021.html
-rw-rw-r-- 1 www-data list 3996 May 8 18:54 000022.html
-rw-rw-r-- 1 www-data list 7329 May 8 18:54 000023.html
-rw-rw-r-- 1 www-data list 4985 May 8 18:54 000024.html
-rw-rw-r-- 1 www-data list 5136 May 8 18:54 000025.html
-rw-rw-r-- 1 www-data list 7115 May 8 18:54 000026.html
-rw-rw-r-- 1 www-data list 6618 May 8 18:54 000027.html
-rw-rw-r-- 1 www-data list 3929 May 8 18:54 000028.html
-rw-rw-r-- 1 www-data list 3333 May 8 19:43 000029.html
-rw-rw-r-- 1 www-data list 4049 May 8 18:54 000030.html
-rw-rw-r-- 1 www-data list 4980 May 8 19:42 000031.html
-rw-rw-r-- 1 www-data list 5532 May 8 18:54 000032.html
-rw-rw-r-- 1 list list 3202 May 8 18:54 000033.html
-rw-rw-r-- 1 list list 3471 May 8 18:54 000034.html
-rw-rw-r-- 1 list list 4488 May 8 18:54 000035.html
-rw-rw-r-- 1 list list 4294 May 8 18:54 000036.html
-rw-rw-r-- 1 list list 5253 May 8 19:42 000037.html
-rw-rw-r-- 1 list list 4388 May 8 20:50 000038.html
-rw-rw-r-- 1 list list 3992 May 8 22:42 000039.html
-rw-rw-r-- 1 list list 8728 May 8 22:24 000040.html
-rw-rw-r-- 1 list list 7746 May 8 22:42 000041.html
-rw-rw-r-- 1 list list 6224 May 8 22:42 000042.html
-rw-rw-r-- 1 list list 9060 May 8 22:42 000043.html
-rw-rw-r-- 1 list list 6918 May 8 22:42 000044.html
-rw-rw-r-- 1 list list 6612 May 8 22:42 000045.html
-rw-rw-r-- 1 list list 12211 May 8 22:42 000046.html
-rw-rw-r-- 1 list list 10337 May 8 22:42 000047.html
-rw-rw-r-- 1 list list 11630 May 8 22:42 000048.html
-rw-rw-r-- 1 www-data list 8007 May 8 22:42 author.html
-rw-rw-r-- 1 www-data list 8011 May 8 22:42 date.html
lrwxrwxrwx 1 www-data list 11 May 7 22:06 index.html -> thread.html
-rw-rw-r-- 1 www-data list 8005 May 8 22:42 subject.html
-rw-rw-r-- 1 www-data list 10312 May 8 22:42 thread.html

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
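
An added example, not part of the thread and not Mailman's check_perms: a small audit for the layout seen in the listing above (setgid directories, one group, group-readable entries), run against a constructed temporary tree. The names audit_tree and demo are hypothetical, and the inheritance comments assume Linux semantics.

```sh
#!/bin/sh
# Added example (not from the thread). audit_tree and demo are hypothetical names.

# audit_tree DIR GROUP
# Print one line per entry under DIR that departs from the layout in the
# listing above: setgid directories, a single group, group-readable entries.
audit_tree() {
    dir=$1
    group=$2
    # A directory without the setgid bit stops passing its group on to
    # entries created inside it.
    find "$dir" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;
    # Entries in another group. find does not follow symlinks here, so a
    # link is judged by its own group, the one "chgrp -h" changes.
    find "$dir" ! -group "$group" -exec printf 'wrong-group %s\n' {} \;
    # Files and directories the group cannot read (mode bit 040 clear).
    find "$dir" \( -type f -o -type d \) ! -perm -040 \
        -exec printf 'no-group-read %s\n' {} \;
}

# demo: build a constructed tree in a temp dir and audit it.
# Runs in a subshell so the umask change does not leak to the caller.
demo() (
    umask 002
    t=$(mktemp -d) || exit 1
    gid=$(id -g)   # numeric gid of the caller; on the real host this is "list"
    mkdir "$t/private" && chmod 2775 "$t/private"
    mkdir "$t/private/2012-May"             # inherits group and setgid bit
    : > "$t/private/2012-May/000000.html"   # inherits group; owner is the creator
    ln -s 000000.html "$t/private/2012-May/index.html"
    mkdir "$t/private/old" && chmod g-s "$t/private/old"   # broken on purpose
    : > "$t/private/secret.html" && chmod 600 "$t/private/secret.html"
    audit_tree "$t/private" "$gid"
    rm -rf "$t"
)

demo
```

On a Mailman host laid out as in this thread, the call would be audit_tree /var/lib/mailman/archives/private list.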