403 error after prune_arch

Hello,
I'm still new to permissions, ownership etc. but I have a problem.
I installed and executed prune_arch
http://fog.ccsf.cc.ca.us/~msapiro/scripts/prune_arch
Is this the up to date version?
However, after execution, I'm getting a 403 error on the archive pages.
I've already checked ownership of the public folders, and confirmed it's mailman:mailman as it should be (this was a problem before from migrated lists).
Any other idea what to look into?
Thanks and best wishes,
Jan

On 05/13/2013 10:07 AM, Jan Krohn wrote:
> I'm still new to permissions, ownership etc. but I have a problem.
Which is almost certainly permissions related. What does your web server error log say?
If you got it any time after Sept 27, 2012, yes it is.
archives/public should contain only symlinks to corresponding things in archives/private.
Have you tried running bin/check_perms?
Note that archives/private MUST be o+x or owned by the web server user.
Note that bin/prune_arch only creates a new archives/private/LIST.mbox/LIST.mbox file and invokes bin/arch to rebuild the HTML archive, but archives/private should be group mailman and SETGID so everything should be created with group mailman, and be world readable.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-----Original Message-----
From: Mark Sapiro [mailto:mark@msapiro.net]
Sent: Tuesday, 14 May 2013 06:13
To: Jan Krohn
Cc: mailman-users@python.org
Subject: Re: [Mailman-Users] 403 error after prune_arch
> On 05/13/2013 10:07 AM, Jan Krohn wrote:
>> I'm still new to permissions, ownership etc. but I have a problem.
> Which is almost certainly permissions related. What does your web server error log say?
Not checked, issue solved (see below).
> If you got it any time after Sept 27, 2012, yes it is.
I got it on Monday, so it's good...
> archives/public should contain only symlinks to corresponding things in archives/private.
That's the case.
> Have you tried running bin/check_perms?
Just tried:
Warning: Private archive directory is other-executable (o+x). This could allow other users on your system to read private archives. If you're on a shared multiuser system, you should consult the installation manual on how to fix this.
No problems found
> Note that archives/private MUST be o+x or owned by the web server user.
Checked, this is the case (drwxrws--x)
That's it. Some directories archives/private/LIST were owned by root.mailman. I changed to mailman.mailman, and the archives are back (and pruned properly)!
Thanks for your help!
Jan
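
The checks discussed in this thread, collected into a read-only audit script as an added example (not part of the original messages and not Mailman's own code). It assumes the archives/private and archives/public layout named above; the function names, the uid/gid parameters and the command-line form are hypothetical, and the expected owner and group `mailman` come from the thread.

```python
import os
import stat
# Added example: function names and parameters are assumptions, not Mailman code.
def check_top(st, group_gid, web_uid):
    """Findings for archives/private itself, given its stat result."""
    out = []
    if st.st_gid != group_gid:
        out.append("group is not the expected (mailman) group")
    if not st.st_mode & stat.S_ISGID:
        out.append("setgid bit missing")
    if not (st.st_mode & stat.S_IXOTH or st.st_uid == web_uid):
        out.append("neither o+x nor owned by the web server user")
    return out

def check_entry(st, owner_uid, group_gid):
    """Findings for a file or directory below archives/private."""
    out = []
    if st.st_uid != owner_uid:  # the root.mailman case reported in the thread
        out.append("unexpected owner uid %d" % st.st_uid)
    if st.st_gid != group_gid:
        out.append("unexpected group gid %d" % st.st_gid)
    if not st.st_mode & stat.S_IROTH:
        out.append("not world readable")
    return out

def audit(archives, owner_uid, group_gid, web_uid):
    """Return sorted (path, finding) pairs; nothing on disk is changed."""
    private, public = (os.path.join(archives, d) for d in ("private", "public"))
    found = [(private, f) for f in check_top(os.lstat(private), group_gid, web_uid)]
    for root, dirs, files in os.walk(private):
        for name in dirs + files:
            path = os.path.join(root, name)
            found += [(path, f) for f in check_entry(os.lstat(path), owner_uid, group_gid)]
    inside = os.path.realpath(private) + os.sep
    for name in os.listdir(public):
        path = os.path.join(public, name)
        if not os.path.islink(path):
            found.append((path, "not a symlink"))
        elif not os.path.realpath(path).startswith(inside):
            found.append((path, "symlink target outside archives/private"))
    return sorted(found)

if __name__ == "__main__":
    import grp, pwd, sys
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py ARCHIVES_DIR WEB_SERVER_USER (names are assumptions)")
    uid, gid = pwd.getpwnam("mailman").pw_uid, grp.getgrnam("mailman").gr_gid
    for path, finding in audit(sys.argv[1], uid, gid, pwd.getpwnam(sys.argv[2]).pw_uid):
        print("%s: %s" % (path, finding))
```

On a shared multi-user host, the o+x bit that satisfies the first check is the same one bin/check_perms warns about; having the web server user own archives/private is the alternative given in the thread.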
