[Mailman-Users] Hurray! My archive works again... User warning for check_perms!
mark at msapiro.net
Fri Oct 31 07:52:04 CET 2008
TGPlatt, WebMaster wrote:
>I'm pleased to report my mailman archive update process is working again. As
>it turned out, what was keeping the feature from working was ownership
>and/or permissions on files in /usr/mailman/archives/private/[LISTNAME] and
>/usr/mailman/archives/private/[LISTNAME]/database directories. Somehow, (I'm
>not sure how) many -- but not all -- files in those directories were owned
>by root rather than by mailman and many of them also had permissions of 644
>(rw-r--r--) RATHER than 664 (rw-rw-r--). That has been corrected now and ALL
>files in the mailman directory structure are now owned by mailman PLUS the
>permissions on virtually all data files are 664 and not 644.
>This issue apparently goes back to when mailman was first laid down on our
>old server in the early summer; because a check of the last backup taken
>from the old server at the end of September shows ALL files in those
>directories were owned by root and not by mailman. That was CLEARLY caused
>by some error I made when installing and setting up mailman.
The files were owned by root because you did the install as root. This
is normally not a problem because the files are group mailman and are
group writable and the Mailman processes all run as group mailman.
What fixed the present issue for you was changing permissions from 644
to 664. Changing owner to mailman didn't hurt, but by itself, it
wouldn't solve all problems because while the qrunners run as the
mailman user, the web CGIs don't and mail delivery may or may not
depending on the MTA.
>I added, the "User warning for check_perms" because although the perms shown
>on that final old-server backup were 664 for all mailman files in
>/usr/mailman/archives/private/mylist directory and 660 for all files in
>/usr/mailman/archives/private/mylist/database and check_perms reported "No
>Problems Found", check_perms was flat wrong about that. The ownership on ALL
>those files was wrong but check_perms failed to detect and report that
>issue. This issue has been reported and should soon be fixed. But in the
>meantime be cautions about putting too much faith in check_perms in mailman
Checkperms doesn't check owner because access control is by group and
owner doesn't matter.
Check_perms reporting no problem when group is mailman and files are
g+rw and directories are g+rws is not a problem. The problem with
check_perms is it doesn't report an error for many g-w files that need
to be g+w.
>The data files in those directories must ALL be owned by mailman. In our
>case they were owned by ROOT!
Changing the ownership would 'fix' that problem, but if the files had
been group mailman and g+w, there would be no problem even if they
were owned by root.
>That prevented mailman's ARCHrunner from
>updating the archive and produced the same errors every day for almost 3
>months when mailman tried to update the archive. The errors were recorded
>each day in the mailman error log (/usr/local/mailman/logs/error); but I
>never checked the error log! Duhhh! Also, because of those errors the
>archives were not updated for 3 months and mailman's automatic cleanup
>process was systematically discarding ALL new posts that hadn't been updated
>after 7 days. Sadly, neither I nor anyone else was checking the archive
>either. Double Duhhh!! So, in the end we lost 3 months worth of archive
>The lessons here are:
>1. Just because check_perms reports "No Problems Found", don't assume
>everything is set right or working correctly. CHECK THE ERROR LOG and CHECK
>THE ARCHIVES! Then, DOUBLE-CHECK both the file and directory permissions and
>OWNERSHIPs in the archive directories for each of your mailman lists. There
>is a post in the archives that briefly explains exactly what permissions
>should be for both files and directories. You'll find that post here:
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users