diff options
| author | Mark Sapiro <msapiro@value.net> | 2007-06-28 10:26:13 -0700 |
|---|---|---|
| committer | Mark Sapiro <msapiro@value.net> | 2007-06-28 10:26:13 -0700 |
| commit | e4230d6e20eaac6b0abff314ee143a12ffbdabc9 (patch) | |
| tree | fd11a3cdcd843fa8b42baeb0a471afee37a1ef94 /bin | |
| parent | 0e302ec9331aba5a050f5bce45d20701627e6bb5 (diff) | |
| download | mailman2-e4230d6e20eaac6b0abff314ee143a12ffbdabc9.tar.gz mailman2-e4230d6e20eaac6b0abff314ee143a12ffbdabc9.tar.xz mailman2-e4230d6e20eaac6b0abff314ee143a12ffbdabc9.zip | |
check_perms checked archives/private/ and archives/private/<list>/database/
directories to make sure they didn't have certain 'other' permissions, but it
didn't check these directories for the necessary user and group permissions.
This is now fixed.
Diffstat (limited to 'bin')
| -rwxr-xr-x | bin/check_perms | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/bin/check_perms b/bin/check_perms index 7c807745..b9926016 100755 --- a/bin/check_perms +++ b/bin/check_perms @@ -1,6 +1,6 @@ #! @PYTHON@ # -# Copyright (C) 1998-2005 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2007 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -14,7 +14,8 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +# USA. """Check the permissions for the Mailman installation. @@ -73,6 +74,7 @@ DIRPERMS = S_ISGID | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH QFILEPERMS = S_ISGID | S_IRWXU | S_IRWXG PYFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH ARTICLEFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP +PRIVATEPERMS = QFILEPERMS @@ -124,20 +126,25 @@ def checkwalk(arg, dirname, names): os.chown(path, -1, MAILMAN_GID) else: print - # all directories must be at least rwxrwsr-x. Don't check the private - # archive directory or database directory themselves since these are - # checked in checkarchives() and checkarchivedbs() below. + # Most directories must be at least rwxrwsr-x. + # The private archive directory and database directory must be at + # least rwxrws---. Their 'other' permissions are checked in + # checkarchives() and checkarchivedbs() below. Their 'user' and + # 'group' permissions are checked here. + # The directories under qfiles should be rwxrws---. Their 'user' and + # 'group' permissions are checked here. Their 'other' permissions + # aren't checked. private = mm_cfg.PRIVATE_ARCHIVE_FILE_DIR - if path == private or (os.path.commonprefix((path, private)) == private - and os.path.split(path)[1] == 'database'): - continue - # The directories under qfiles should have a more limited permission - if os.path.commonprefix((path, mm_cfg.QUEUE_DIR)) == mm_cfg.QUEUE_DIR: + if path == private or \ + (os.path.commonprefix((path, private)) == private + and os.path.split(path)[1] == 'database'): + targetperms = PRIVATEPERMS + elif os.path.commonprefix((path, mm_cfg.QUEUE_DIR)) \ + == mm_cfg.QUEUE_DIR: targetperms = QFILEPERMS - octperms = oct(targetperms) else: targetperms = DIRPERMS - octperms = oct(targetperms) + octperms = oct(targetperms) if S_ISDIR(mode) and (mode & targetperms) <> targetperms: arg.ERRORS += 1 print _('directory permissions must be %(octperms)s: %(path)s'), |