tag 603904 + patch
user cont...@itopie.ch
usertags 603904 + debian-packaging
thanks

Hi there!

On Sat, 08 Mar 2014 20:56:15 +0100, b...@debian.org wrote:
> I confirm the problem.  FYI here's the permissions at Gna(.org) that
> have been working for at least 2 years, more likely 10:
>
>   drwxrws--- 4065 www-data list 139264 Mar  8 17:30 
> /var/lib/mailman/archives/private/

The above reflects both /usr/share/doc/mailman/mailman-install.txt.gz
From wheezy (1:2.1.15-1) and sid (1:2.1.16-2), as well as the online
documentation:

  <http://www.gnu.org/software/mailman/mailman-install/node9.html>

--8<---------------cut here---------------start------------->8---
                           4 Check your installation

   After you've run make install, you should check that your installation
   has all the correct permissions and group ownerships by running the
   check_perms script.
[...]
   Warning: If you're running Mailman on a shared multiuser system, and
   you have mailing lists with private archives, you may want to hide the
   private archive directory from other users on your system. In that
   case, you should drop the other execute permission (o-x) from the
   archives/private directory. However, the web server process must be
   able to follow the symbolic link in public directory, otherwise your
   public Pipermail archives will not work. To set this up, become root
   and run the following commands:

# cd <prefix>/archives
# chown <web-server-user> private
# chmod o-x private

   You need to know what user your web server runs as. It may be www,
   apache, httpd or nobody, depending on your server's configuration.
--8<---------------cut here---------------end--------------->8---

However, the above is still not the case on a default wheezy
(1:2.1.15-1) installation: list:www-data for private and root:list for
public.  And indeed, the current Debian settings cause a permission
error, everything is OK for www-data, but not for list:
=====
root@maison:~# ls -l /var/lib/mailman/archives/*
/var/lib/mailman/archives/private:
total 16
drwxrwsr-x 2 root     www-data 4096 Mar 29 15:28 mailman
drwxrwsr-x 2 root     www-data 4096 Mar 29 15:28 mailman.mbox
drwxrwsr-x 2 www-data www-data 4096 Mar 29 18:02 test
drwxrwsr-x 2 www-data www-data 4096 Mar 29 18:02 test.mbox

/var/lib/mailman/archives/public:
total 0
lrwxrwxrwx 1 www-data list 38 Mar 29 18:02 test -> 
/var/lib/mailman/archives/private/test
root@maison:/etc# ls -lR /var/lib/mailman/archives/*
/var/lib/mailman/archives/private:
total 16
drwxrwsr-x 2 root     www-data 4096 Mar 29 15:28 mailman
drwxrwsr-x 2 root     www-data 4096 Mar 29 15:28 mailman.mbox
drwxrwsr-x 2 www-data www-data 4096 Mar 29 18:02 test
drwxrwsr-x 2 www-data www-data 4096 Mar 29 18:02 test.mbox

/var/lib/mailman/archives/private/mailman:
total 4
-rw-rw-r-- 1 root www-data 573 Mar 29 15:28 index.html

/var/lib/mailman/archives/private/mailman.mbox:
total 0

/var/lib/mailman/archives/private/test:
total 4
-rw-rw-r-- 1 www-data www-data 564 Mar 29 18:02 index.html

/var/lib/mailman/archives/private/test.mbox:
total 0

/var/lib/mailman/archives/public:
total 0
lrwxrwxrwx 1 www-data list 38 Mar 29 18:02 test -> 
/var/lib/mailman/archives/private/test
root@maison:~# 
=====

Simply doing as Sylvain and upstream suggest is enough, which actually
reflects the public folder permissions:
=====
root@maison:~# chown www-data:list /var/lib/mailman/archives/private/
root@maison:~# chgrp -R list /var/lib/mailman/archives/private/
=====

Please note that Yubao Liu already pointed this out, both on this bug as
well as on the Debian Mailman list:

  <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603904#10>
  
<http://lists.alioth.debian.org/pipermail/pkg-mailman-hackers/2011-December/003877.html>

The patch is trivial:

--8<---------------cut here---------------start------------->8---
diffstat for mailman-2.1.16 mailman-2.1.16

 changelog |    9 +++++++++
 rules     |    2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff -Nru mailman-2.1.16/debian/changelog mailman-2.1.16/debian/changelog
--- mailman-2.1.16/debian/changelog     2014-02-03 14:01:47.000000000 +0100
+++ mailman-2.1.16/debian/changelog     2014-03-30 16:44:58.000000000 +0200
@@ -1,3 +1,12 @@
+mailman (1:2.1.16-3~fix603904.1) UNRELEASED; urgency=medium
+
+  * debian/rules:
+    + fix ownership on /var/lib/mailman/archives/private as upstream
+      suggests, also reflecting group ownership for public archives
+      (Closes: #603904).
+
+ -- Luca Capello <l...@pca.it>  Sun, 30 Mar 2014 16:44:58 +0200
+
 mailman (1:2.1.16-2) unstable; urgency=medium
 
   * Upload to unstable, as requested by Thijs; we did not encounter
diff -Nru mailman-2.1.16/debian/rules mailman-2.1.16/debian/rules
--- mailman-2.1.16/debian/rules 2014-02-03 13:47:42.000000000 +0100
+++ mailman-2.1.16/debian/rules 2014-03-30 17:18:22.000000000 +0200
@@ -179,7 +179,7 @@
                debian/mailman/usr/lib/$(package)/Mailman/Cgi/*
 
        chmod o-rx debian/mailman/var/lib/$(package)/archives/private
-       chown list:www-data debian/mailman/var/lib/$(package)/archives/private
+       chown www-data debian/mailman/var/lib/$(package)/archives/private
        chmod 0755 debian/mailman/usr/lib/$(package)/cron/*
        chmod 0644 debian/mailman/usr/lib/$(package)/cron/{crontab.in,paths.py}
 
--8<---------------cut here---------------end--------------->8---

Thx, bye,
Gismo / Luca

Attachment: signature.asc
Description: PGP signature

Reply via email to