[Mailman-Users] OSError: [Errno 13] Permission denied/var/lib/mailman/archives/private/list/attachments: No such file or directory
Mark Sapiro
mark at msapiro.net
Wed May 9 18:20:27 CEST 2012
David wrote:
>
>Yes, I can access all the archived messages now, as expected. You are right
>about the ownership. In checking again, I can access files from the listing
>below regardless of whether the owner is www-data or list.
>
>I did not change any permissions directly. I ran the check_perms script. It
>fixed over 200 items, but but would not fix 12 items. Re-running it several
>times would not fix those remaining items (I assume because they were all
>symlinks). So I fixed the symlinks manually, such as:
>
>chgrp -h list /var/lib/mailman/templates
check_perms does not work with symlinks, but it doesn't matter because
the ownership/permissions of a symlink are irrelevant, only the target
ownership and permissions are relevant.
What happens is check_perms sees the ownership and permissions of the
symlink and complains and if run with -f, 'fixes' the ownership and
permissions of the target, but since the permissions of the symlink
haven't changed, check_perms complains again the next time.
In a standard source install, there are no symlinks so this is not in
issue. In certain packages (Debian/Ubuntu for example) there are
symlinks. See the FAQ at <http://wiki.list.org/x/OIDD>.
>After fixing the remaining group ownerships in this way, I ran check_perms
>again and it reported no problems. But then I was unable to access the
>public archices.
>
>That's when I changed ownership with:
>chown -R www-data /var/lib/mailman/archives/private
>
>As soon as I ran that command, I was able to access the archives again.
>
>I can't say absolutely what the group ownership was prior to that, but I
>think the owner was list and group was list, judging from the directory
>listing below.
I can't diagnose what the real issue was without knowing the ownership
and permissions before the change, but I doubt that running
chown -R www-data /var/lib/mailman/archives/private
with -R was necessary. In fact, if the permissions
drwxrwsr-x 2 www-data list 4096 May 8 22:42 .
you show in the post at
<http://mail.python.org/pipermail/mailman-users/2012-May/073397.html>
are those of /var/lib/mailman/archives/private, I think you could run
chown -R list /var/lib/mailman/archives/private
or even
chown -R nobody /var/lib/mailman/archives/private
and public archive access would still work because according to the
listing below, the /var/lib/mailman/archives/private/list directory
and its subordinates are all world searchable/readable and in that
case it should be sufficient for /var/lib/mailman/archives/private to
be
drwxrws--x 2 list list ...
>root at localhost:/var/lib/mailman/archives/private# ls -la list/2012-May
>total 432
>drwxrwsr-x 2 www-data list 4096 May 8 22:42 .
>drwxrwsr-x 5 www-data list 4096 May 8 03:27 ..
>-rw-rw-r-- 1 www-data list 11654 May 7 22:22 000000.html
>-rw-rw-r-- 1 www-data list 8492 May 8 02:18 000001.html
>-rw-rw-r-- 1 www-data list 14475 May 8 18:54 000002.html
>-rw-rw-r-- 1 www-data list 2865 May 8 18:54 000003.html
>-rw-rw-r-- 1 www-data list 3390 May 8 18:54 000004.html
>-rw-rw-r-- 1 www-data list 4521 May 8 18:54 000005.html
>-rw-rw-r-- 1 www-data list 3790 May 8 02:18 000006.html
>-rw-rw-r-- 1 www-data list 11299 May 8 18:54 000007.html
>-rw-rw-r-- 1 www-data list 4833 May 8 02:18 000008.html
>-rw-rw-r-- 1 www-data list 3134 May 8 18:54 000009.html
>-rw-rw-r-- 1 www-data list 5923 May 8 18:54 000010.html
>-rw-rw-r-- 1 www-data list 8348 May 8 02:18 000011.html
>-rw-rw-r-- 1 www-data list 3847 May 8 18:54 000012.html
>-rw-rw-r-- 1 www-data list 20422 May 8 18:54 000013.html
>-rw-rw-r-- 1 www-data list 3687 May 8 18:54 000014.html
>-rw-rw-r-- 1 www-data list 5147 May 8 18:54 000015.html
>-rw-rw-r-- 1 www-data list 4133 May 8 18:54 000016.html
>-rw-rw-r-- 1 www-data list 6029 May 8 18:54 000017.html
>-rw-rw-r-- 1 www-data list 5171 May 8 18:54 000018.html
>-rw-rw-r-- 1 www-data list 3434 May 8 18:54 000019.html
>-rw-rw-r-- 1 www-data list 5875 May 8 18:54 000020.html
>-rw-rw-r-- 1 www-data list 3533 May 8 18:54 000021.html
>-rw-rw-r-- 1 www-data list 3996 May 8 18:54 000022.html
>-rw-rw-r-- 1 www-data list 7329 May 8 18:54 000023.html
>-rw-rw-r-- 1 www-data list 4985 May 8 18:54 000024.html
>-rw-rw-r-- 1 www-data list 5136 May 8 18:54 000025.html
>-rw-rw-r-- 1 www-data list 7115 May 8 18:54 000026.html
>-rw-rw-r-- 1 www-data list 6618 May 8 18:54 000027.html
>-rw-rw-r-- 1 www-data list 3929 May 8 18:54 000028.html
>-rw-rw-r-- 1 www-data list 3333 May 8 19:43 000029.html
>-rw-rw-r-- 1 www-data list 4049 May 8 18:54 000030.html
>-rw-rw-r-- 1 www-data list 4980 May 8 19:42 000031.html
>-rw-rw-r-- 1 www-data list 5532 May 8 18:54 000032.html
>-rw-rw-r-- 1 list list 3202 May 8 18:54 000033.html
>-rw-rw-r-- 1 list list 3471 May 8 18:54 000034.html
>-rw-rw-r-- 1 list list 4488 May 8 18:54 000035.html
>-rw-rw-r-- 1 list list 4294 May 8 18:54 000036.html
>-rw-rw-r-- 1 list list 5253 May 8 19:42 000037.html
>-rw-rw-r-- 1 list list 4388 May 8 20:50 000038.html
>-rw-rw-r-- 1 list list 3992 May 8 22:42 000039.html
>-rw-rw-r-- 1 list list 8728 May 8 22:24 000040.html
>-rw-rw-r-- 1 list list 7746 May 8 22:42 000041.html
>-rw-rw-r-- 1 list list 6224 May 8 22:42 000042.html
>-rw-rw-r-- 1 list list 9060 May 8 22:42 000043.html
>-rw-rw-r-- 1 list list 6918 May 8 22:42 000044.html
>-rw-rw-r-- 1 list list 6612 May 8 22:42 000045.html
>-rw-rw-r-- 1 list list 12211 May 8 22:42 000046.html
>-rw-rw-r-- 1 list list 10337 May 8 22:42 000047.html
>-rw-rw-r-- 1 list list 11630 May 8 22:42 000048.html
>-rw-rw-r-- 1 www-data list 8007 May 8 22:42 author.html
>-rw-rw-r-- 1 www-data list 8011 May 8 22:42 date.html
>lrwxrwxrwx 1 www-data list 11 May 7 22:06 index.html -> thread.html
>-rw-rw-r-- 1 www-data list 8005 May 8 22:42 subject.html
>-rw-rw-r-- 1 www-data list 10312 May 8 22:42 thread.html
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list