[Mailman-Users] OSError: [Errno 13] Permission denied /var/lib/mailman/archives/private/list/attachments: No such file or directory

Mark Sapiro mark at msapiro.net
Wed May 9 02:19:02 CEST 2012


On 5/8/2012 11:16 AM, David wrote:
> On Tue, May 8, 2012 at 12:37 PM, David <dave at fiteyes.com> wrote:
> 

>>>>> # bin/check_perms -f
>>> No problems found
>>>
>>> All permissions are reported as OK now. The check_perms is a very handy
>>> script. Thanks for the suggestion to use it.
>>>
>>
>>
>> After fixing permissions, we lost web access to the public archive:
>>
>> Forbidden
>>
>> You don't have permission to access /archive/list/ on this server.


And this was probably because you saw the following

Warning: Private archive directory is other-executable (o+x).
         This could allow other users on your system to read private
archives.
         If you're on a shared multiuser system, you should consult the
         installation manual on how to fix this.""")

And you then did the equivalent of

  chmod o-x archives/private/

without actually reading and understanding the warning in the
installation manual at <http://www.list.org/mailman-install/node9.html>.


> The fix was relatively easy. Apache runs as user www-data. After running
> bin/check_perms, I had to run:
> chown -R www-data /var/lib/mailman/archives/private


The -R in the above is unnecessary as all the subordinates should be
world readable and searchable already. You only need to ensure that the
web server can search the archives/private/ directory to find the
archives/private/LISTNAME directories pointed to by the
archives/public/LISTNAME symlinks.

Thus, archives/private/ must be either o+x or owned by the web server
user (Its group must be Mailman's group, 'list' in your case). The only
problem with its being o+x is if you have local, shell access users on
your server for whom you want to ensure no access to private list archives.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan



More information about the Mailman-Users mailing list