[ mailman-Bugs-1204386 ] check_perms doesn't ensure aliases.db is group-writeable

SourceForge.net noreply at sourceforge.net
Tue Dec 13 02:02:12 CET 2005 

Bugs item #1204386, was opened at 2005-05-18 16:01
Message generated for change (Settings changed) made by tkikuchi
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1204386&group_id=103

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: configuring/installing
Group: 2.1 beta
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Graham Klyne (grahamk)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_perms doesn't ensure aliases.db is group-writeable

Initial Comment:
Problem reported for mailman 2.1.6rc4
With postfix 2:2.0.16-14.RHEL3

When installing mailman 2.1.6rc1 using postfix MTA and
"Integrating Postfix and Mailman" as described inthe
installation document, I encountered a problem that the
aliases.db file was created without group write
capability.  This was not detected by check_perms. 
(Even on re-reading, it's not obvious to me that g+w
permissions are required, though that became pretty
obvious when I tracked the error log failure report
when attempting to create a new mailing list.)

Because I messed around a bit with that installation,
I've verified the problem with check_perms on a working
2.1.6rc4 installation, by resetting the groupwrite
permission, thus:

The following is executed as user mailman in dirtectory
/var/mailman/data:
[[
bash-2.05b$ ls -al
total 60
drwxrwsr-x    2 mailman  mailman      4096 May 18 14:31 .
drwxrwsr-x    9 mailman  mailman      4096 Apr 21 18:36 ..
-rw-r-----    1 mailman  mailman        41 Apr 29 13:54
adm.pw
-rw-rw----    1 mailman  mailman      4922 May  4 16:25
aliases
-rw-rw----    1 mailman  mailman     12288 May  4 16:25
aliases.db
-rw-r-----    1 mailman  mailman        41 Apr 22 15:07
creator.pw
-rw-r--r--    1 mailman  mailman        10 May 18 14:32
last_mailman_version
-rw-rw----    1 mailman  mailman         6 May 12 09:19
master-qrunner.pid
-rw-r--r--    1 mailman  mailman     14110 May 18 14:31
sitelist.cfg
bash-2.05b$ 
bash-2.05b$ /home/mailman/bin/check_perms 
No problems found

(This is a normal working configuration from which I
started)

bash-2.05b$ chmod g-w aliases*
bash-2.05b$ /home/mailman/bin/check_perms 
/var/mailman/data/aliases permissions must be 066x (got
0100640)
Problems found: 1
Re-run as mailman (or root) with -f flag to fix

(check_perms notices the problem with aliases, but not
with aliases.db)

bash-2.05b$ ls -al
total 60
drwxrwsr-x    2 mailman  mailman      4096 May 18 14:31 .
drwxrwsr-x    9 mailman  mailman      4096 Apr 21 18:36 ..
-rw-r-----    1 mailman  mailman        41 Apr 29 13:54
adm.pw
-rw-r-----    1 mailman  mailman      4922 May  4 16:25
aliases
-rw-r-----    1 mailman  mailman     12288 May  4 16:25
aliases.db
-rw-r-----    1 mailman  mailman        41 Apr 22 15:07
creator.pw
-rw-r--r--    1 mailman  mailman        10 May 18 14:32
last_mailman_version
-rw-rw----    1 mailman  mailman         6 May 12 09:19
master-qrunner.pid
-rw-r--r--    1 mailman  mailman     14110 May 18 14:31
sitelist.cfg

bash-2.05b$ chmod g+w aliases 
bash-2.05b$ /home/mailman/bin/check_perms 
No problems found
bash-2.05b$ ls -al
total 60
drwxrwsr-x    2 mailman  mailman      4096 May 18 14:31 .
drwxrwsr-x    9 mailman  mailman      4096 Apr 21 18:36 ..
-rw-r-----    1 mailman  mailman        41 Apr 29 13:54
adm.pw
-rw-rw----    1 mailman  mailman      4922 May  4 16:25
aliases
-rw-r-----    1 mailman  mailman     12288 May  4 16:25
aliases.db
-rw-r-----    1 mailman  mailman        41 Apr 22 15:07
creator.pw
-rw-r--r--    1 mailman  mailman        10 May 18 14:32
last_mailman_version
-rw-rw----    1 mailman  mailman         6 May 12 09:19
master-qrunner.pid
-rw-r--r--    1 mailman  mailman     14110 May 18 14:31
sitelist.cfg

(No report from check_perms despite missing group write
permission on aliases.db)
]]



----------------------------------------------------------------------

Comment By: Todd (beelzebozo)
Date: 2005-12-11 19:57

Message:
Logged In: YES 
user_id=1386166

Patch against CVS (20051211) created.  See
https://sourceforge.net/tracker/index.php?func=detail&aid=1378270&group_id=103&atid=100103

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1204386&group_id=103

More information about the Mailman-coders mailing list