[Mailman-Users] 403 error after prune_arch

[Jan Krohn]

-----Ursprüngliche Nachricht-----
Von: Mark Sapiro [mailto:mark at msapiro.net] 
Gesendet: Dienstag, 14. Mai 2013 06:13
An: Jan Krohn
Cc: mailman-users at python.org
Betreff: Re: [Mailman-Users] 403 error after prune_arch

On 05/13/2013 10:07 AM, Jan Krohn wrote:
>> I'm still new to permissions, ownership etc. but I have a problem.

> Which is almost certainly permissions related. What does your web server
error log say?

Not checked, issue solved (see below).

>> I installed and executed prune_arch
>> http://fog.ccsf.cc.ca.us/~msapiro/scripts/prune_arch
>> Is this the up to date version?

> If you got it any time after Sept 27, 2012, yes it is.

I got it on Monday, so it's good...

>> However, after execution, I'm getting a 403 error on the archive pages.
>> I've already checked ownership of the public folders, and confirmed 
>> it's mailman:mailman as it should be (this was a problem before from 
>> migrated lists).

> archives/public should contain only symlinks to corresponding things in
archives/private.

That's the case.

> Have you tried running bin/check_perms?

Just tried:

Warning: Private archive directory is other-executable (o+x).
         This could allow other users on your system to read private
archives.
         If you're on a shared multiuser system, you should consult the
         installation manual on how to fix this.
No problems found

> Note that archives/private MUST be o+x or owned by the web server user.

Checked, this is the case (drwxrws--x)

> Note that bin/prune_arch only creates a new
archives/private/LIST.mbox/LIST.mbox file and invokes bin/arch to rebuild
the HTML archive, but archives/private should be group mailman and SETGID so
everything should be created with group mailman, and be world readable.

That's it. Some directories archives/private/LIST were owned by
root.mailman. I changed to mailman.mailman, and the archives are back (and
pruned properly)!

Thanks for your help!

Jan