[Mailman-Users] Archiving problems
mark at msapiro.net
Thu Jan 29 04:51:21 CET 2015
On 01/28/2015 07:15 PM, Bill Christensen wrote:
> Well, I had it all working on Monday night.
> I got a report today that someone was getting "Forbidden" again.
> The owner of the list in question (and only that one list, not any of
> the other publicly archived lists - which have not seen any posts in the
> last two days) had changed back from _www to root. CHOWNing it back to
> _www again brings up the archive, but then it was only showing the last
> two days worth of archives (owner of those posts: _mailman, the rest
> were root). Rebuilding the archives with --wipe and running Check perms
> -f (which is already cron jobbed to run every night) made the rest of
> them visible again.
> What do i need to do so that I don't have to jump these hoops daily?
Have you tried running Mailman's bin/check_perms?
Here's what you should have in the way of ownership and permissions.
Group should be _mailman on everything. 'owner' doesn't matter except in
the one case where I indicate _www. SETGID bits are important.
drwxrwsr-x owner _mailman /path/to/mailman
drwxrwsr-x owner _mailman /path/to/mailman/archives
drwxrwsr-x owner _mailman /path/to/mailman/archives/
drwxrwsr-x owner _mailman /path/to/mailman/archives/public
and only symlinks in this directory
drwxrws--x owner _mailman /path/to/mailman/archives/private
drwxrws--- _www _mailman /path/to/mailman/archives/private
If you want to protect against access to private archives by local users
of the machine, you want the latter. Otherwise the former is fine.
drwxrwsr-x owner _mailman /path/to/mailman/archives/private/*
And similarly for subordinate /path/to/mailman/archives/private/*/*
-rw-rw-r-- owner _mailman for most files subordinate to
Again, SETGID bits are important.
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users