David wrote: > >Yes, I can access all the archived messages now, as expected. You are right >about the ownership. In checking again, I can access files from the listing >below regardless of whether the owner is www-data or list. > >I did not change any permissions directly. I ran the check_perms script. It >fixed over 200 items, but but would not fix 12 items. Re-running it several >times would not fix those remaining items (I assume because they were all >symlinks). So I fixed the symlinks manually, such as: > >chgrp -h list /var/lib/mailman/templates
check_perms does not work with symlinks, but it doesn't matter because the ownership/permissions of a symlink are irrelevant, only the target ownership and permissions are relevant. What happens is check_perms sees the ownership and permissions of the symlink and complains and if run with -f, 'fixes' the ownership and permissions of the target, but since the permissions of the symlink haven't changed, check_perms complains again the next time. In a standard source install, there are no symlinks so this is not in issue. In certain packages (Debian/Ubuntu for example) there are symlinks. See the FAQ at <http://wiki.list.org/x/OIDD>. >After fixing the remaining group ownerships in this way, I ran check_perms >again and it reported no problems. But then I was unable to access the >public archices. > >That's when I changed ownership with: >chown -R www-data /var/lib/mailman/archives/private > >As soon as I ran that command, I was able to access the archives again. > >I can't say absolutely what the group ownership was prior to that, but I >think the owner was list and group was list, judging from the directory >listing below. I can't diagnose what the real issue was without knowing the ownership and permissions before the change, but I doubt that running chown -R www-data /var/lib/mailman/archives/private with -R was necessary. In fact, if the permissions drwxrwsr-x 2 www-data list 4096 May 8 22:42 . you show in the post at <http://mail.python.org/pipermail/mailman-users/2012-May/073397.html> are those of /var/lib/mailman/archives/private, I think you could run chown -R list /var/lib/mailman/archives/private or even chown -R nobody /var/lib/mailman/archives/private and public archive access would still work because according to the listing below, the /var/lib/mailman/archives/private/list directory and its subordinates are all world searchable/readable and in that case it should be sufficient for /var/lib/mailman/archives/private to be drwxrws--x 2 list list ... >root@localhost:/var/lib/mailman/archives/private# ls -la list/2012-May >total 432 >drwxrwsr-x 2 www-data list 4096 May 8 22:42 . >drwxrwsr-x 5 www-data list 4096 May 8 03:27 .. >-rw-rw-r-- 1 www-data list 11654 May 7 22:22 000000.html >-rw-rw-r-- 1 www-data list 8492 May 8 02:18 000001.html >-rw-rw-r-- 1 www-data list 14475 May 8 18:54 000002.html >-rw-rw-r-- 1 www-data list 2865 May 8 18:54 000003.html >-rw-rw-r-- 1 www-data list 3390 May 8 18:54 000004.html >-rw-rw-r-- 1 www-data list 4521 May 8 18:54 000005.html >-rw-rw-r-- 1 www-data list 3790 May 8 02:18 000006.html >-rw-rw-r-- 1 www-data list 11299 May 8 18:54 000007.html >-rw-rw-r-- 1 www-data list 4833 May 8 02:18 000008.html >-rw-rw-r-- 1 www-data list 3134 May 8 18:54 000009.html >-rw-rw-r-- 1 www-data list 5923 May 8 18:54 000010.html >-rw-rw-r-- 1 www-data list 8348 May 8 02:18 000011.html >-rw-rw-r-- 1 www-data list 3847 May 8 18:54 000012.html >-rw-rw-r-- 1 www-data list 20422 May 8 18:54 000013.html >-rw-rw-r-- 1 www-data list 3687 May 8 18:54 000014.html >-rw-rw-r-- 1 www-data list 5147 May 8 18:54 000015.html >-rw-rw-r-- 1 www-data list 4133 May 8 18:54 000016.html >-rw-rw-r-- 1 www-data list 6029 May 8 18:54 000017.html >-rw-rw-r-- 1 www-data list 5171 May 8 18:54 000018.html >-rw-rw-r-- 1 www-data list 3434 May 8 18:54 000019.html >-rw-rw-r-- 1 www-data list 5875 May 8 18:54 000020.html >-rw-rw-r-- 1 www-data list 3533 May 8 18:54 000021.html >-rw-rw-r-- 1 www-data list 3996 May 8 18:54 000022.html >-rw-rw-r-- 1 www-data list 7329 May 8 18:54 000023.html >-rw-rw-r-- 1 www-data list 4985 May 8 18:54 000024.html >-rw-rw-r-- 1 www-data list 5136 May 8 18:54 000025.html >-rw-rw-r-- 1 www-data list 7115 May 8 18:54 000026.html >-rw-rw-r-- 1 www-data list 6618 May 8 18:54 000027.html >-rw-rw-r-- 1 www-data list 3929 May 8 18:54 000028.html >-rw-rw-r-- 1 www-data list 3333 May 8 19:43 000029.html >-rw-rw-r-- 1 www-data list 4049 May 8 18:54 000030.html >-rw-rw-r-- 1 www-data list 4980 May 8 19:42 000031.html >-rw-rw-r-- 1 www-data list 5532 May 8 18:54 000032.html >-rw-rw-r-- 1 list list 3202 May 8 18:54 000033.html >-rw-rw-r-- 1 list list 3471 May 8 18:54 000034.html >-rw-rw-r-- 1 list list 4488 May 8 18:54 000035.html >-rw-rw-r-- 1 list list 4294 May 8 18:54 000036.html >-rw-rw-r-- 1 list list 5253 May 8 19:42 000037.html >-rw-rw-r-- 1 list list 4388 May 8 20:50 000038.html >-rw-rw-r-- 1 list list 3992 May 8 22:42 000039.html >-rw-rw-r-- 1 list list 8728 May 8 22:24 000040.html >-rw-rw-r-- 1 list list 7746 May 8 22:42 000041.html >-rw-rw-r-- 1 list list 6224 May 8 22:42 000042.html >-rw-rw-r-- 1 list list 9060 May 8 22:42 000043.html >-rw-rw-r-- 1 list list 6918 May 8 22:42 000044.html >-rw-rw-r-- 1 list list 6612 May 8 22:42 000045.html >-rw-rw-r-- 1 list list 12211 May 8 22:42 000046.html >-rw-rw-r-- 1 list list 10337 May 8 22:42 000047.html >-rw-rw-r-- 1 list list 11630 May 8 22:42 000048.html >-rw-rw-r-- 1 www-data list 8007 May 8 22:42 author.html >-rw-rw-r-- 1 www-data list 8011 May 8 22:42 date.html >lrwxrwxrwx 1 www-data list 11 May 7 22:06 index.html -> thread.html >-rw-rw-r-- 1 www-data list 8005 May 8 22:42 subject.html >-rw-rw-r-- 1 www-data list 10312 May 8 22:42 thread.html -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org