On 01/28/2015 07:15 PM, Bill Christensen wrote:

> Well, I had it all working on Monday night.
> 
> I got a report today that someone was getting "Forbidden" again.
> 
> The owner of the list in question (and only that one list, not any of
> the other publicly archived lists - which have not seen any posts in the
> last two days) had changed back from _www to root.  CHOWNing it back to
> _www again brings up the archive, but then it was only showing the last
> two days' worth of archives (owner of those posts: _mailman, the rest
> were root).  Rebuilding the archives with --wipe and running Check perms
> -f (which is already cron jobbed to run every night) made the rest of
> them visible again.
> 
> What do I need to do so that I don't have to jump through these hoops daily?
>

Have you tried running Mailman's bin/check_perms?

Here's what you should have in the way of ownership and permissions.
Group should be _mailman on everything. 'owner' doesn't matter except in
the one case where I indicate _www. SETGID bits are important.

drwxrwsr-x  owner _mailman  /path/to/mailman

drwxrwsr-x  owner _mailman  /path/to/mailman/archives

drwxrwsr-x  owner _mailman  /path/to/mailman/archives/

drwxrwsr-x  owner _mailman  /path/to/mailman/archives/public
                             and only symlinks in this directory

Either
drwxrws--x  owner _mailman  /path/to/mailman/archives/private
or
drwxrws---  _www  _mailman  /path/to/mailman/archives/private

If you want to protect against access to private archives by local users
of the machine, you want the latter. Otherwise the former is fine.

drwxrwsr-x  owner _mailman  /path/to/mailman/archives/private/*

And similarly for subordinate /path/to/mailman/archives/private/*/*
directories.

-rw-rw-r--  owner _mailman  for most files subordinate to
/path/to/mailman/archives/private/*.


Again, SETGID bits are important.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
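
A read-only audit of the ownership and permission layout listed in the reply above, as an added example that is not part of the original message and not Mailman's own code (Mailman's tool is bin/check_perms). The function name audit_archives and passing the Mailman group as a numeric gid are assumptions made for this example.

```python
import os
import stat

def audit_archives(root, gid):
    """Return (path, problem) pairs for the Mailman tree at root; gid is the Mailman group."""
    findings = []
    archives = os.path.join(root, "archives")
    public = os.path.join(archives, "public")
    private = os.path.join(archives, "private")

    def check_dir(path, allowed):
        st = os.lstat(path)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_gid != gid:
            findings.append((path, "wrong group"))
        if not mode & stat.S_ISGID:
            findings.append((path, "setgid bit missing"))
        elif mode not in allowed:
            findings.append((path, "unexpected mode %o" % mode))

    for d in (root, archives, public):
        check_dir(d, {0o2775})                    # drwxrwsr-x
    # drwxrws--x, or drwxrws--- (the latter only works when the web server user owns it)
    check_dir(private, {0o2771, 0o2770})

    for name in sorted(os.listdir(public)):       # public/ holds only symlinks
        path = os.path.join(public, name)
        if not os.path.islink(path):
            findings.append((path, "not a symlink"))

    for dirpath, dirnames, filenames in os.walk(private):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                check_dir(path, {0o2775})
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_gid != gid:
                findings.append((path, "wrong group"))
            # -rw-rw-r-- "for most files": only the group rw bits are enforced here
            if (st.st_mode & 0o060) != 0o060:
                findings.append((path, "group cannot read/write"))
    return findings
```

Call it with the install prefix and `grp.getgrnam("_mailman").gr_gid`; an empty list means the tree matches the listing above.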