tag 603904 + patch user cont...@itopie.ch usertags 603904 + debian-packaging thanks
Hi there! On Sat, 08 Mar 2014 20:56:15 +0100, b...@debian.org wrote: > I confirm the problem. FYI here's the permissions at Gna(.org) that > have been working for at least 2 years, more likely 10: > > drwxrws--- 4065 www-data list 139264 Mar 8 17:30 > /var/lib/mailman/archives/private/ The above reflects both /usr/share/doc/mailman/mailman-install.txt.gz From wheezy (1:2.1.15-1) and sid (1:2.1.16-2), as well as the online documentation: <http://www.gnu.org/software/mailman/mailman-install/node9.html> --8<---------------cut here---------------start------------->8--- 4 Check your installation After you've run make install, you should check that your installation has all the correct permissions and group ownerships by running the check_perms script. [...] Warning: If you're running Mailman on a shared multiuser system, and you have mailing lists with private archives, you may want to hide the private archive directory from other users on your system. In that case, you should drop the other execute permission (o-x) from the archives/private directory. However, the web server process must be able to follow the symbolic link in public directory, otherwise your public Pipermail archives will not work. To set this up, become root and run the following commands: # cd <prefix>/archives # chown <web-server-user> private # chmod o-x private You need to know what user your web server runs as. It may be www, apache, httpd or nobody, depending on your server's configuration. --8<---------------cut here---------------end--------------->8--- However, the above is still not the case on a default wheezy (1:2.1.15-1) installation: list:www-data for private and root:list for public. And indeed, the current Debian settings cause a permission error, everything is OK for www-data, but not for list: ===== root@maison:~# ls -l /var/lib/mailman/archives/* /var/lib/mailman/archives/private: total 16 drwxrwsr-x 2 root www-data 4096 Mar 29 15:28 mailman drwxrwsr-x 2 root www-data 4096 Mar 29 15:28 mailman.mbox drwxrwsr-x 2 www-data www-data 4096 Mar 29 18:02 test drwxrwsr-x 2 www-data www-data 4096 Mar 29 18:02 test.mbox /var/lib/mailman/archives/public: total 0 lrwxrwxrwx 1 www-data list 38 Mar 29 18:02 test -> /var/lib/mailman/archives/private/test root@maison:/etc# ls -lR /var/lib/mailman/archives/* /var/lib/mailman/archives/private: total 16 drwxrwsr-x 2 root www-data 4096 Mar 29 15:28 mailman drwxrwsr-x 2 root www-data 4096 Mar 29 15:28 mailman.mbox drwxrwsr-x 2 www-data www-data 4096 Mar 29 18:02 test drwxrwsr-x 2 www-data www-data 4096 Mar 29 18:02 test.mbox /var/lib/mailman/archives/private/mailman: total 4 -rw-rw-r-- 1 root www-data 573 Mar 29 15:28 index.html /var/lib/mailman/archives/private/mailman.mbox: total 0 /var/lib/mailman/archives/private/test: total 4 -rw-rw-r-- 1 www-data www-data 564 Mar 29 18:02 index.html /var/lib/mailman/archives/private/test.mbox: total 0 /var/lib/mailman/archives/public: total 0 lrwxrwxrwx 1 www-data list 38 Mar 29 18:02 test -> /var/lib/mailman/archives/private/test root@maison:~# ===== Simply doing as Sylvain and upstream suggest is enough, which actually reflects the public folder permissions: ===== root@maison:~# chown www-data:list /var/lib/mailman/archives/private/ root@maison:~# chgrp -R list /var/lib/mailman/archives/private/ ===== Please note that Yubao Liu already pointed this out, both on this bug as well as on the Debian Mailman list: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603904#10> <http://lists.alioth.debian.org/pipermail/pkg-mailman-hackers/2011-December/003877.html> The patch is trivial: --8<---------------cut here---------------start------------->8--- diffstat for mailman-2.1.16 mailman-2.1.16 changelog | 9 +++++++++ rules | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff -Nru mailman-2.1.16/debian/changelog mailman-2.1.16/debian/changelog --- mailman-2.1.16/debian/changelog 2014-02-03 14:01:47.000000000 +0100 +++ mailman-2.1.16/debian/changelog 2014-03-30 16:44:58.000000000 +0200 @@ -1,3 +1,12 @@ +mailman (1:2.1.16-3~fix603904.1) UNRELEASED; urgency=medium + + * debian/rules: + + fix ownership on /var/lib/mailman/archives/private as upstream + suggests, also reflecting group ownership for public archives + (Closes: #603904). + + -- Luca Capello <l...@pca.it> Sun, 30 Mar 2014 16:44:58 +0200 + mailman (1:2.1.16-2) unstable; urgency=medium * Upload to unstable, as requested by Thijs; we did not encounter diff -Nru mailman-2.1.16/debian/rules mailman-2.1.16/debian/rules --- mailman-2.1.16/debian/rules 2014-02-03 13:47:42.000000000 +0100 +++ mailman-2.1.16/debian/rules 2014-03-30 17:18:22.000000000 +0200 @@ -179,7 +179,7 @@ debian/mailman/usr/lib/$(package)/Mailman/Cgi/* chmod o-rx debian/mailman/var/lib/$(package)/archives/private - chown list:www-data debian/mailman/var/lib/$(package)/archives/private + chown www-data debian/mailman/var/lib/$(package)/archives/private chmod 0755 debian/mailman/usr/lib/$(package)/cron/* chmod 0644 debian/mailman/usr/lib/$(package)/cron/{crontab.in,paths.py} --8<---------------cut here---------------end--------------->8--- Thx, bye, Gismo / Luca
signature.asc
Description: PGP signature