On 01/28/2015 07:15 PM, Bill Christensen wrote: > Well, I had it all working on Monday night. > > I got a report today that someone was getting "Forbidden" again. > > The owner of the list in question (and only that one list, not any of > the other publicly archived lists - which have not seen any posts in the > last two days) had changed back from _www to root. CHOWNing it back to > _www again brings up the archive, but then it was only showing the last > two days worth of archives (owner of those posts: _mailman, the rest > were root). Rebuilding the archives with --wipe and running Check perms > -f (which is already cron jobbed to run every night) made the rest of > them visible again. > > What do i need to do so that I don't have to jump these hoops daily? >
Have you tried running Mailman's bin/check_perms? Here's what you should have in the way of ownership and permissions. Group should be _mailman on everything. 'owner' doesn't matter except in the one case where I indicate _www. SETGID bits are important. drwxrwsr-x owner _mailman /path/to/mailman drwxrwsr-x owner _mailman /path/to/mailman/archives drwxrwsr-x owner _mailman /path/to/mailman/archives/ drwxrwsr-x owner _mailman /path/to/mailman/archives/public and only symlinks in this directory Either drwxrws--x owner _mailman /path/to/mailman/archives/private or drwxrws--- _www _mailman /path/to/mailman/archives/private If you want to protect against access to private archives by local users of the machine, you want the latter. Otherwise the former is fine. drwxrwsr-x owner _mailman /path/to/mailman/archives/private/* And similarly for subordinate /path/to/mailman/archives/private/*/* directories. -rw-rw-r-- owner _mailman for most files subordinate to /path/to/mailman/archives/private/*. Again, SETGID bits are important. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org