author | Mark Sapiro <mark@msapiro.net> | 2017-06-06 14:44:09 -0700 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2017-06-06 14:44:09 -0700 |
commit | b10ddd1173595992cd02748d8fcc633199b1b873 (patch) | |
tree | 41a6eaa6e2af5f2dd54bbf70984a931746cb91d1 /Mailman | |
parent | 4d3f440efd8b01cd16cb0d0644cac5fce3609b46 (diff) | |
Ensure aliases.db and virtual-mailman.db are world readable and owned
by the Mailman user.
Diffstat (limited to 'Mailman')
-rw-r--r-- | Mailman/MTA/Postfix.py | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/Mailman/MTA/Postfix.py b/Mailman/MTA/Postfix.py
index aed36bc4..b829ad6e 100644
--- a/Mailman/MTA/Postfix.py
+++ b/Mailman/MTA/Postfix.py
@@ -35,6 +35,9 @@ from Mailman.Logging.Syslog import syslog
 LOCKFILE = os.path.join(mm_cfg.LOCK_DIR, 'creator')
 ALIASFILE = os.path.join(mm_cfg.DATA_DIR, 'aliases')
 VIRTFILE = os.path.join(mm_cfg.DATA_DIR, 'virtual-mailman')
+# Desired mode for aliases(.db) and virtual-mailman(.db) for both creation
+# and check_perms.
+targetmode = S_IFREG | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH
 try:
 True, False
@@ -45,6 +48,22 @@ except NameError:
 def _update_maps():
+ # Helper function to fix owner and mode.
+ def fixom(file):
+ # It's not necessary for the non-db file to be S_IROTH, but for
+ # simplicity and compatibility with check_perms, we set it.
+ stat = os.stat(file)
+ if (stat[ST_MODE] & targetmode) <> targetmode:
+ os.chmod(file, stat[ST_MODE] | targetmode)
+ dbfile = file + '.db'
+ stat = os.stat(dbfile)
+ if (stat[ST_MODE] & targetmode) <> targetmode:
+ os.chmod(dbfile, stat[ST_MODE] | targetmode)
+ user = mm_cfg.MAILMAN_USER
+ if stat[ST_UID] != pwd.getpwnam(user)[2]:
+ uid = pwd.getpwnam(user)[2]
+ gid = grp.getgrnam(mm_cfg.MAILMAN_GROUP)[2]
+ os.chown(dbfile, uid, gid)
 msg = 'command failed: %s (status: %s, %s)'
 acmd = mm_cfg.POSTFIX_ALIAS_CMD + ' ' + ALIASFILE
 status = (os.system(acmd) >> 8) & 0xff
@@ -52,6 +71,8 @@ def _update_maps():
 errstr = os.strerror(status)
 syslog('error', msg, acmd, status, errstr)
 raise RuntimeError, msg % (acmd, status, errstr)
+ # Fix owner and mode of .db if needed.
+ fixom(ALIASFILE)
 if os.path.exists(VIRTFILE):
 vcmd = mm_cfg.POSTFIX_MAP_CMD + ' ' + VIRTFILE
 status = (os.system(vcmd) >> 8) & 0xff
@@ -59,6 +80,8 @@ def _update_maps():
 errstr = os.strerror(status)
 syslog('error', msg, vcmd, status, errstr)
 raise RuntimeError, msg % (vcmd, status, errstr)
+ # Fix owner and mode of .db if needed.
+ fixom(VIRTFILE)
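Review bot: The comment on the new module-level `targetmode` does not explain two things a maintainer needs to know about the mask. It includes `S_IFREG`, so the `(mode & targetmode) <> targetmode` comparisons also fail for anything that is not a regular file, and it adds `S_IROTH` to the plain-text files although only the `.db` files need it. I would extend the comment to something like `# S_IFREG makes the mask test fail for non-regular files; S_IROTH is only required on the .db files.`, after confirming the first part is intended. As a point of style, the name is lower-case next to `LOCKFILE`, `ALIASFILE` and `VIRTFILE`.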
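Review bot: In `fixom`, `os.stat`, `os.chmod` and `os.chown` all act on a path and follow symlinks, so the object that is changed is not guaranteed to be the one that was checked. This matters if `_update_maps` can run with more privilege than other accounts that can write to the data directory, which the hunk does not show. Opening each file once without following symlinks, confirming it is a regular file, and using the descriptor-based calls closes that gap, as sketched below (`os.fchmod`/`os.fchown` need Python 2.6 or later, and `S_ISREG`/`S_IMODE` are assumed to come from the same stat import as `S_IFREG`). Separately, any `OSError` raised here, for example if the map command writes a file without the `.db` suffix, propagates out of `_update_maps` unlogged, unlike the command failures, which go through `syslog`. `_update_maps` continues outside this hunk.

```python
    def fixom(file):
        # … unchanged: comment explaining why the non-db file also gets S_IROTH …
        for path, fix_owner in ((file, False), (file + '.db', True)):
            # Open without following a symlink and work on the descriptor, so
            # the file that is checked is the file that is changed.
            fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
            try:
                stat = os.fstat(fd)
                if not S_ISREG(stat[ST_MODE]):
                    raise RuntimeError, '%s is not a regular file' % path
                if (stat[ST_MODE] & targetmode) <> targetmode:
                    os.fchmod(fd, S_IMODE(stat[ST_MODE] | targetmode))
                if fix_owner:
                    uid = pwd.getpwnam(mm_cfg.MAILMAN_USER)[2]
                    if stat[ST_UID] != uid:
                        gid = grp.getgrnam(mm_cfg.MAILMAN_GROUP)[2]
                        os.fchown(fd, uid, gid)
            finally:
                os.close(fd)
```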
@@ -387,7 +410,6 @@ def remove(mlist, cgi=False):
 def checkperms(state):
- targetmode = S_IFREG | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP
 for file in ALIASFILE, VIRTFILE:
 if state.VERBOSE:
 print C_('checking permissions on %(file)s')
@@ -400,7 +422,7 @@ def checkperms(state):
 if stat and (stat[ST_MODE] & targetmode) <> targetmode:
 state.ERRORS += 1
 octmode = oct(stat[ST_MODE])
- print C_('%(file)s permissions must be 066x (got %(octmode)s)'),
+ print C_('%(file)s permissions must be 0664 (got %(octmode)s)'),
 if state.FIX:
 print C_('(fixing)')
 os.chmod(file, stat[ST_MODE] | targetmode)
@@ -439,7 +461,7 @@ def checkperms(state):
 if stat and (stat[ST_MODE] & targetmode) <> targetmode:
 state.ERRORS += 1
 octmode = oct(stat[ST_MODE])
- print C_('%(dbfile)s permissions must be 066x (got %(octmode)s)'),
+ print C_('%(dbfile)s permissions must be 0664 (got %(octmode)s)'),
 if state.FIX:
 print C_('(fixing)')
 os.chmod(dbfile, stat[ST_MODE] | targetmode) |
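Review bot: The new message in the @@ -400 hunk says the mode "must be 0664", but the test above it, `(stat[ST_MODE] & targetmode) <> targetmode`, only requires those bits to be present. The fix path likewise only adds bits with `stat[ST_MODE] | targetmode`, so a file that is also world-writable passes the check and is never corrected. For files that map addresses to delivery commands, that is the bit most worth catching. Consider a second test such as `if stat and stat[ST_MODE] & S_IWOTH:` that counts an error and, under `state.FIX`, clears the bit with `os.chmod(file, S_IMODE(stat[ST_MODE]) & ~S_IWOTH)`, or else word the message as "at least 0664". The same applies to the `dbfile` message in the @@ -439 hunk; `checkperms` begins and ends outside these hunks.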