aboutsummaryrefslogblamecommitdiffstats
path: root/bin/check_perms
blob: 44fbe547ba4b816125e0616f297f32ae9f7d7c56 (plain) (tree)









































































































































































































































































































































































                                                                               
#! @PYTHON@
#
# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

"""Check the permissions for the Mailman installation.

Usage: %(PROGRAM)s [-f] [-v] [-h]

With no arguments, just check and report all the files that have bogus
permissions or group ownership.  With -f (and run as root), fix all the
permission problems found.  With -v be verbose.

"""

import sys
import os
import errno
import getopt
import pwd
import grp
from stat import *

try:
    import paths
except ImportError:
    print '''Could not import paths!

This probably means that you are trying to run check_perms from the source
directory.  You must run this from the installation directory instead.
'''
    raise
from Mailman import mm_cfg
from Mailman.mm_cfg import MAILMAN_USER, MAILMAN_GROUP
from Mailman.i18n import _

# Let KeyErrors percolate
MAILMAN_GID = grp.getgrnam(MAILMAN_GROUP)[2]
MAILMAN_UID = pwd.getpwnam(MAILMAN_USER)[2]

PROGRAM = sys.argv[0]

# Gotta check the archives/private/*/database/* files



class State:
    FIX = 0
    VERBOSE = 0
    ERRORS = 0

STATE = State()

DIRPERMS = S_ISGID | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH
QFILEPERMS = S_ISGID | S_IRWXU | S_IRWXG
PYFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH
ARTICLEFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP



def statmode(path):
    return os.stat(path)[ST_MODE]

def statgidmode(path):
    stat = os.stat(path)
    return stat[ST_MODE], stat[ST_GID]

def checkwalk(arg, dirname, names):
    for name in names:
        path = os.path.join(dirname, name)
        if arg.VERBOSE:
            print _('    checking gid and mode for %(path)s')
        try:
            mode, gid = statgidmode(path)
        except OSError, e:
            if e.errno <> errno.ENOENT: raise
            continue
        if gid <> MAILMAN_GID:
            try:
                groupname = grp.getgrgid(gid)[0]
            except KeyError:
                groupname = '<anon gid %d>' % gid
            arg.ERRORS += 1
            print _('%(path)s bad group (has: %(groupname)s, '
                    'expected %(MAILMAN_GROUP)s)'),
            if STATE.FIX:
                print _('(fixing)')
                os.chown(path, -1, MAILMAN_GID)
            else:
                print
        # all directories must be at least rwxrwsr-x.  Don't check the private
        # archive directory or database directory themselves since these are
        # checked in checkarchives() and checkarchivedbs() below.
        private = mm_cfg.PRIVATE_ARCHIVE_FILE_DIR
        if path == private or (os.path.commonprefix((path, private)) == private
                               and os.path.split(path)[1] == 'database'):
            continue
        # The directories under qfiles should have a more limited permission
        if os.path.commonprefix((path, mm_cfg.QUEUE_DIR)) == mm_cfg.QUEUE_DIR:
            targetperms = QFILEPERMS
            octperms = oct(targetperms)
        else:
            targetperms = DIRPERMS
            octperms = oct(targetperms)
        if S_ISDIR(mode) and (mode & targetperms) <> targetperms:
            arg.ERRORS += 1
            print _('directory permissions must be %(octperms)s: %(path)s'),
            if STATE.FIX:
                print _('(fixing)')
                os.chmod(path, mode | targetperms)
            else:
                print
        elif os.path.splitext(path)[1] in ('.py', '.pyc', '.pyo'):
            octperms = oct(PYFILEPERMS)
            if mode & PYFILEPERMS <> PYFILEPERMS:
                print _('source perms must be %(octperms)s: %(path)s'),
                arg.ERRORS += 1
                if STATE.FIX:
                    print _('(fixing)')
                    os.chmod(path, mode | PYFILEPERMS)
                else:
                    print
        elif path.endswith('-article'):
            # Article files must be group writeable
            octperms = oct(ARTICLEFILEPERMS)
            if mode & ARTICLEFILEPERMS <> ARTICLEFILEPERMS:
                print _('article db files must be %(octperms)s: %(path)s'),
                arg.ERRORS += 1
                if STATE.FIX:
                    print _('(fixing)')
                    os.chmod(path, mode | ARTICLEFILEPERMS)
                else:
                    print

def checkall():
    # first check PREFIX
    if STATE.VERBOSE:
        prefix = mm_cfg.PREFIX
        print _('checking mode for %(prefix)s')
    dirs = {}
    for d in (mm_cfg.PREFIX, mm_cfg.EXEC_PREFIX, mm_cfg.VAR_PREFIX):
        dirs[d] = 1
    for d in dirs.keys():
        mode = statmode(d)
        if (mode & DIRPERMS) <> DIRPERMS:
            STATE.ERRORS += 1
            print _('directory must be at least 02775: %(d)s'),
            if STATE.FIX:
                print _('(fixing)')
                os.chmod(d, mode | DIRPERMS)
            else:
                print
        # check all subdirs
        os.path.walk(d, checkwalk, STATE)


def checkarchives():
    private = mm_cfg.PRIVATE_ARCHIVE_FILE_DIR
    if STATE.VERBOSE:
        print _('checking perms on %(private)s')
    # private archives must not be other readable
    mode = statmode(private)
    if mode & S_IROTH:
        STATE.ERRORS += 1
        print _('%(private)s must not be other-readable'),
        if STATE.FIX:
            print _('(fixing)')
            os.chmod(private, mode & ~S_IROTH)
        else:
            print


MBOXPERMS = S_IRGRP | S_IWGRP | S_IRUSR | S_IWUSR


def checkmboxfile(mboxdir):
    absdir = os.path.join(mm_cfg.PRIVATE_ARCHIVE_FILE_DIR, mboxdir)
    for f in os.listdir(absdir):
        if not f.endswith('.mbox'):
            continue
        mboxfile = os.path.join(absdir, f)
        mode = statmode(mboxfile)
        if (mode & MBOXPERMS) <> MBOXPERMS:
            STATE.ERRORS = STATE.ERRORS + 1
            print _('mbox file must be at least 0660:'), mboxfile
            if STATE.FIX:
                print _('(fixing)')
                os.chmod(mboxfile, mode | MBOXPERMS)
            else:
                print


def checkarchivedbs():
    # The archives/private/listname/database file must not be other readable
    # or executable otherwise those files will be accessible when the archives
    # are public.  That may not be a horrible breach, but let's close this off
    # anyway.
    for dir in os.listdir(mm_cfg.PRIVATE_ARCHIVE_FILE_DIR):
        if dir.endswith('.mbox'):
            checkmboxfile(dir)
        dbdir = os.path.join(mm_cfg.PRIVATE_ARCHIVE_FILE_DIR, dir, 'database')
        try:
            mode = statmode(dbdir)
        except OSError, e:
            if e.errno not in (errno.ENOENT, errno.ENOTDIR): raise
            continue
        if mode & S_IRWXO:
            STATE.ERRORS += 1
            print _('%(dbdir)s "other" perms must be 000'),
            if STATE.FIX:
                print _('(fixing)')
                os.chmod(dbdir, mode & ~S_IRWXO)
            else:
                print


def checkcgi():
    cgidir = os.path.join(mm_cfg.EXEC_PREFIX, 'cgi-bin')
    if STATE.VERBOSE:
        print _('checking cgi-bin permissions')
    exes = os.listdir(cgidir)
    for f in exes:
        path = os.path.join(cgidir, f)
        if STATE.VERBOSE:
            print _('    checking set-gid for %(path)s')
        mode = statmode(path)
        if mode & S_IXGRP and not mode & S_ISGID:
            STATE.ERRORS += 1
            print _('%(path)s must be set-gid'),
            if STATE.FIX:
                print _('(fixing)')
                os.chmod(path, mode | S_ISGID)
            else:
                print

def checkmail():
    wrapper = os.path.join(mm_cfg.WRAPPER_DIR, 'mailman')
    if STATE.VERBOSE:
        print _('checking set-gid for %(wrapper)s')
    mode = statmode(wrapper)
    if not mode & S_ISGID:
        STATE.ERRORS += 1
        print _('%(wrapper)s must be set-gid'),
        if STATE.FIX:
            print _('(fixing)')
            os.chmod(wrapper, mode | S_ISGID)

def checkadminpw():
    for pwfile in (os.path.join(mm_cfg.DATA_DIR, 'adm.pw'),
                   os.path.join(mm_cfg.DATA_DIR, 'creator.pw')):
        targetmode = S_IFREG | S_IRUSR | S_IWUSR | S_IRGRP
        if STATE.VERBOSE:
            print _('checking permissions on %(pwfile)s')
        try:
            mode = statmode(pwfile)
        except OSError, e:
            if e.errno <> errno.ENOENT: raise
            return
        if mode <> targetmode:
            STATE.ERRORS += 1
            octmode = oct(mode)
            print _('%(pwfile)s permissions must be exactly 0640 '
                    '(got %(octmode)s)'),
            if STATE.FIX:
                print _('(fixing)')
                os.chmod(pwfile, targetmode)
            else:
                print

def checkmta():
    if mm_cfg.MTA:
        modname = 'Mailman.MTA.' + mm_cfg.MTA
        __import__(modname)
        try:
            sys.modules[modname].checkperms(STATE)
        except AttributeError:
            pass

def checkdata():
    targetmode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP
    checkfiles = ('config.pck', 'config.pck.last',
                  'config.db', 'config.db.last',
                  'next-digest', 'next-digest-topics',
                  'request.db', 'request.db.tmp')
    if STATE.VERBOSE:
        print _('checking permissions on list data')
    # BAW: This needs to be converted to the Site module abstraction
    for dir in os.listdir(mm_cfg.LIST_DATA_DIR):
        for file in checkfiles:
            path = os.path.join(mm_cfg.LIST_DATA_DIR, dir, file)
            if STATE.VERBOSE:
                print _('    checking permissions on: %(path)s')
            try:
                mode = statmode(path)
            except OSError, e:
                if e.errno <> errno.ENOENT: raise
                continue
            if (mode & targetmode) <> targetmode:
                STATE.ERRORS += 1
                print _('file permissions must be at least 660: %(path)s'),
                if STATE.FIX:
                    print _('(fixing)')
                    os.chmod(path, mode | targetmode)
                else:
                    print



def usage(code, msg=''):
    if code:
        fd = sys.stderr
    else:
        fd = sys.stdout
    print >> fd, _(__doc__)
    if msg:
        print >> fd, msg
    sys.exit(code)


if __name__ == '__main__':
    try:
        opts, args = getopt.getopt(sys.argv[1:],
                                   'fvh',
                                   ['fix', 'verbose', 'help'])
    except getopt.error, msg:
        usage(1, msg)

    for opt, arg in opts:
        if opt in ('-h', '--help'):
            usage(0)
        elif opt in ('-f', '--fix'):
            STATE.FIX = 1
        elif opt in ('-v', '--verbose'):
            STATE.VERBOSE = 1

    checkall()
    checkarchives()
    checkarchivedbs()
    checkcgi()
    checkmail()
    checkdata()
    checkadminpw()
    checkmta()

    if not STATE.ERRORS:
        print _('No problems found')
    else:
        print _('Problems found:'), STATE.ERRORS
        print _('Re-run as %(MAILMAN_USER)s (or root) with -f flag to fix')