[Mailman-Users] permissions problem with private archives

Thu Apr 5 23:51:23 CEST 2001

Hi.  I'm setting up mailman-2.0.3, and am having a problem with private 
archives not being private.  (I'm using thttpd and postfix.  Because 
thttpd doesn't like following symlinks and requires all documents 
to be under a single document tree, I'm having to play a few symlink 
games with Mailman to make things work, but I don't believe those 
are relevant to my problems.)

Private archives are fine through the web interface - only visible with
authentication -, but they're world-readable in the filesystem, which
means that anybody with a local account can see them.  Since some of
our mailing lists might end up being about things like hiring, that's
clearly not OK.  So the first time a message for a list with a private archive 
is received, the archive is created with world read permissions (and 
world execute permissions on the directories).  That seems like it 
ought not to be correct.

By way of experimentation, I set a private archive to be non-world-readable 
by hand (but still group-readable by group mailman).  However, that 
prevented the private archives from being readable over the web even *with* 
proper authentication.  (I don't really understand that, since the 
files/directories were readable/traversable by group mailman, and 
the "private" CGI script is setgid mailman.)

Here are sample permissions in "archives/private":
  % ls -lg /home/mailman/www/archives/private
  total 20
  drwxrwsr-x   2 mailman  mailman      4096 Mar 23 18:55 havnot.mbox
  drwxrwsr-x   4 mailman  mailman      4096 Mar 31 03:27 test
  drwxrwsr-x   2 mailman  mailman      4096 Mar 30 16:48 test.mbox
  drwxrwsr-x   4 mailman  mailman      4096 Mar 31 03:27 testprivate
  drwxrwsr-x   2 mailman  mailman      4096 Mar 30 17:27 testprivate.mbox

And inside the "testprivate" directory:
  % ls -lg /home/mailman/www/archives/private/testprivate
  total 24
  drwxrwsr-x   2 mailman  mailman      4096 Mar 30 17:27 20010330
  -rw-rw-r--   1 mailman  mailman       581 Mar 30 17:27 20010330.txt
  -rw-rw-r--   1 mailman  mailman       358 Mar 31 03:27 20010330.txt.gz
  drwxrws---   2 mailman  mailman      4096 Mar 30 17:27 database
  -rw-rw-r--   1 mailman  mailman      1078 Mar 30 17:27 index.html
  -rw-rw-r--   1 mailman  mailman       489 Mar 30 17:27 pipermail.pck

For comparison, here are the permissions in the "test" directory (which 
is set up to be publically archived):
  % ls -lg /home/mailman/www/archives/private/test       
  total 24
  drwxrwsr-x   2 mailman  mailman      4096 Mar 30 17:05 Week-of-Mon-20010326
  -rw-rw-r--   1 mailman  mailman      2857 Mar 30 17:05 Week-of-Mon-20010326.txt
  -rw-rw-r--   1 mailman  mailman      1337 Mar 31 03:27 Week-of-Mon-20010326.txt.gz
  drwxrws---   2 mailman  mailman      4096 Mar 30 17:05 database
  -rw-rw-r--   1 mailman  mailman      1110 Mar 30 17:05 index.html
  -rw-rw-r--   1 mailman  mailman       502 Mar 30 17:05 pipermail.pck

Note that the permissions are just the same.

The /home/mailman/www/archives/private directory itself is world-executable, 
but not world-readable, but that doesn't matter, since list names 
are predictable.

Again, access to the private and public archives through the web interface
works just as you would expect, but I need the actual files in the 
filesystem for private archives not to be world-readable.  Am I somehow 
misunderstanding the design here?  How does Mailman maintain the permissions 
on public versus private archives?

(Mailman's installation directory is on NFS, but it's *not* mounted 
with nosuid.)

Thanks to anybody who has suggestions.

-j.

PS - Here are some notes about the symlinks I made to get Mailman 
and thttpd talking nicely to each other:

  thttpd (in its default/more secure configuration) doesn't follow symlinks,
  so all the Mailman-related stuff needs to live under a common directory.
  I'm hoping Mailman will be content following symlinks.

  As user mailman:
  * mkdir /home/mailman/www
  * mv /home/mailman/archives /home/mailman/www
  * mv /home/mailman/cgi-bin /home/mailman/www/bin
  * ln -s www/archives /home/mailman
  * ln -s www/bin /home/mailman/cgi-bin
  * rm /home/mailman/www/bin/pipermail
  * ln -f -s /home/mailman/www/archives/public /home/mailman/www/bin/pipermail
  * ln -s archives/public www/pipermail

And here's the "configure" line I used:
  ./configure  --prefix=/home/mailman --with-python=/arch/unix/bin/python \
    '--with-mail-gid=nobody daemon' '--with-cgi-gid=nobody www daemon' \
    --with-gcc=/arch/gnu/bin/gcc