aboutsummaryrefslogtreecommitdiffstats
path: root/bin
diff options
context:
space:
mode:
authorMark Sapiro <msapiro@value.net>2007-06-28 10:26:13 -0700
committerMark Sapiro <msapiro@value.net>2007-06-28 10:26:13 -0700
commite4230d6e20eaac6b0abff314ee143a12ffbdabc9 (patch)
treefd11a3cdcd843fa8b42baeb0a471afee37a1ef94 /bin
parent0e302ec9331aba5a050f5bce45d20701627e6bb5 (diff)
downloadmailman2-e4230d6e20eaac6b0abff314ee143a12ffbdabc9.tar.gz
mailman2-e4230d6e20eaac6b0abff314ee143a12ffbdabc9.tar.xz
mailman2-e4230d6e20eaac6b0abff314ee143a12ffbdabc9.zip
check_perms checked archives/private/ and archives/private/<list>/database/
directories to make sure they didn't have certain 'other' permissions, but it didn't check these directories for the necessary user and group permissions. This is now fixed.
Diffstat (limited to 'bin')
-rwxr-xr-xbin/check_perms31
1 files changed, 19 insertions, 12 deletions
diff --git a/bin/check_perms b/bin/check_perms
index 7c807745..b9926016 100755
--- a/bin/check_perms
+++ b/bin/check_perms
@@ -1,6 +1,6 @@
#! @PYTHON@
#
-# Copyright (C) 1998-2005 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2007 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -14,7 +14,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA.
"""Check the permissions for the Mailman installation.
@@ -73,6 +74,7 @@ DIRPERMS = S_ISGID | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH
QFILEPERMS = S_ISGID | S_IRWXU | S_IRWXG
PYFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH
ARTICLEFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP
+PRIVATEPERMS = QFILEPERMS
@@ -124,20 +126,25 @@ def checkwalk(arg, dirname, names):
os.chown(path, -1, MAILMAN_GID)
else:
print
- # all directories must be at least rwxrwsr-x. Don't check the private
- # archive directory or database directory themselves since these are
- # checked in checkarchives() and checkarchivedbs() below.
+ # Most directories must be at least rwxrwsr-x.
+ # The private archive directory and database directory must be at
+ # least rwxrws---. Their 'other' permissions are checked in
+ # checkarchives() and checkarchivedbs() below. Their 'user' and
+ # 'group' permissions are checked here.
+ # The directories under qfiles should be rwxrws---. Their 'user' and
+ # 'group' permissions are checked here. Their 'other' permissions
+ # aren't checked.
private = mm_cfg.PRIVATE_ARCHIVE_FILE_DIR
- if path == private or (os.path.commonprefix((path, private)) == private
- and os.path.split(path)[1] == 'database'):
- continue
- # The directories under qfiles should have a more limited permission
- if os.path.commonprefix((path, mm_cfg.QUEUE_DIR)) == mm_cfg.QUEUE_DIR:
+ if path == private or \
+ (os.path.commonprefix((path, private)) == private
+ and os.path.split(path)[1] == 'database'):
+ targetperms = PRIVATEPERMS
+ elif os.path.commonprefix((path, mm_cfg.QUEUE_DIR)) \
+ == mm_cfg.QUEUE_DIR:
targetperms = QFILEPERMS
- octperms = oct(targetperms)
else:
targetperms = DIRPERMS
- octperms = oct(targetperms)
+ octperms = oct(targetperms)
if S_ISDIR(mode) and (mode & targetperms) <> targetperms:
arg.ERRORS += 1
print _('directory permissions must be %(octperms)s: %(path)s'),