Re: [Mailman-Users] 2 initial config problems (virtual hosts andpermissions)

Tue, 01 Mar 2005 17:47:34 -0800 

FH wrote:
> ------ Original Message ------
> Received: Mon, 28 Feb 2005 10:30:31 PM EST
> From: Mark Sapiro <[EMAIL PROTECTED]>
> To: FH <[EMAIL PROTECTED]>, <mailman-users@python.org>
> Subject: Re: [Mailman-Users] 2 initial config problems (virtual hosts
> andpermissions)
>
...
>> Have you tried bin/check_perms?
>
> Yep.  Here's a test run to show you what's going on:
>
> # ls -al data
> total 44
> drwxrwsr-x   2 root     mailman      512 Mar  1 11:25 ./
> drwxrwsr-x  20 root     mailman      512 Feb 28 16:02 ../
> -rw-r-----   1 root     mailman       41 Feb 28 16:22 adm.pw
> -rw-rw----   1 mailman  mailman     1165 Mar  1 11:25 aliases
> -rw-r-----   1 mailman  mailman        0 Mar  1 11:25 aliases.dir
> -rw-r-----   1 mailman  mailman     1024 Mar  1 11:25 aliases.pag
> -rw-r--r--   1 root     mailman       10 Feb 28 16:07 last_mailman_version
> -rw-rw----   1 mailman  mailman        5 Feb 28 16:21 master-qrunner.pid
> -rw-r--r--   1 root     mailman    14110 Feb 28 16:02 sitelist.cfg
>
> # bin/check_perms 
> No problems found

Unfortunately, check_perms won't catch the permission problem with the
alias database file(s).  You want aliases.dir and aliases.pag to be
group writable.  All the alias files should be owned by mailman and be
in group mailman.  Then postalias should work and you'll be able to
create lists from the web.

README.POSTFIX doesn't mention this, though I've found it to be
important.  I'll attach a small patch that makes check_perms catch
this and README.POSTFIX be more explicit. 

A Few things to note about this patch is that I made it against CVS
back in January of 2004 and posted it here then.  It may or may not
apply cleanly to 2.1.5 or the forthcoming 2.1.6.  Also, I'm used to
dealing with db databases (.db) instead of dbm databases (.dir and
.pag), and the code to check perms assumes db instead of dbm, so
you'll be on your own to fix those file perms even with a patch like
this.

-- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
Liberty is the only thing you cannot have unless you are willing to
give it to others.
    -- William Allen White  -  1940


Index: README.POSTFIX
===================================================================
RCS file: /cvsroot/mailman/mailman/README.POSTFIX,v
retrieving revision 2.17
diff -u -r2.17 README.POSTFIX
--- README.POSTFIX      14 Sep 2003 04:58:35 -0000      2.17
+++ README.POSTFIX      15 Jan 2004 04:02:23 -0000
@@ -76,11 +76,12 @@
       % bin/genaliases
 
       Make sure that the owner of the data/aliases and data/aliases.db
-      file is `mailman' and that the group owner for those files is
-      `mailman'.  E.g.:
+      file is `mailman', that the group owner for those files is
+      `mailman', and that both files are group writable.  E.g.:
 
       % su
       % chown mailman:mailman data/aliases*
+      % chmod g+w data/aliases*
 
     - Hack your Postfix's main.cf file to include the following path
       in your alias_maps variable:
Index: Mailman/MTA/Postfix.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/MTA/Postfix.py,v
retrieving revision 2.22
diff -u -r2.22 Postfix.py
--- Mailman/MTA/Postfix.py      14 Sep 2003 04:41:32 -0000      2.22
+++ Mailman/MTA/Postfix.py      15 Jan 2004 04:02:23 -0000
@@ -339,12 +339,21 @@
                 owner = pwd.getpwuid(stat[ST_UID])[0]
             except KeyError:
                 owner = 'uid %d' % stat[ST_UID]
-            print _('%(dbfile)s owned by %(owner)s (must be owned by %(user)s')
+            print _('%(dbfile)s owned by %(owner)s (must be owned by 
%(user)s'),
             state.ERRORS += 1
             if state.FIX:
                 print _('(fixing)')
                 uid = pwd.getpwnam(user)[2]
                 gid = grp.getgrnam(mm_cfg.MAILMAN_GROUP)[2]
                 os.chown(dbfile, uid, gid)
+            else:
+                print
+        if stat and (stat[ST_MODE] & targetmode) <> targetmode:
+            state.ERRORS += 1
+            octmode = oct(stat[ST_MODE])
+            print _('%(dbfile)s permissions must be 066x (got %(octmode)s)'),
+            if state.FIX:
+                print _('(fixing)')
+                os.chmod(dbfile, stat[ST_MODE] | targetmode)
             else:
                 print

Attachment: pgpTMIZ5rRzVM.pgp
Description: PGP signature

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&amp;file=faq01.027.htp

Reply via email to