1 files changed, 19 insertions, 12 deletions

diff --git a/bin/check_perms b/bin/check_perms
index 7c807745..b9926016 100755
--- a/bin/check_perms
+++ b/bin/check_perms
@@ -1,6 +1,6 @@
 #! @PYTHON@
 #
-# Copyright (C) 1998-2005 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2007 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -14,7 +14,8 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA.
 
 """Check the permissions for the Mailman installation.
 
@@ -73,6 +74,7 @@ DIRPERMS = S_ISGID | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH
 QFILEPERMS = S_ISGID | S_IRWXU | S_IRWXG
 PYFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH
 ARTICLEFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP
+PRIVATEPERMS = QFILEPERMS
 
 
 
@@ -124,20 +126,25 @@ def checkwalk(arg, dirname, names):
                 os.chown(path, -1, MAILMAN_GID)
             else:
                 print
-        # all directories must be at least rwxrwsr-x.  Don't check the private
-        # archive directory or database directory themselves since these are
-        # checked in checkarchives() and checkarchivedbs() below.
+        # Most directories must be at least rwxrwsr-x.
+        # The private archive directory  and database directory must be at
+        # least rwxrws---.  Their 'other' permissions are checked in
+        # checkarchives() and checkarchivedbs() below.  Their 'user' and
+        # 'group' permissions are checked here.
+        # The directories under qfiles should be rwxrws---.  Their 'user' and
+        # 'group' permissions are checked here.  Their 'other' permissions
+        # aren't checked.
         private = mm_cfg.PRIVATE_ARCHIVE_FILE_DIR
-        if path == private or (os.path.commonprefix((path, private)) == private
-                               and os.path.split(path)[1] == 'database'):
-            continue
-        # The directories under qfiles should have a more limited permission
-        if os.path.commonprefix((path, mm_cfg.QUEUE_DIR)) == mm_cfg.QUEUE_DIR:
+        if path == private or \
+                  (os.path.commonprefix((path, private)) == private
+                   and os.path.split(path)[1] == 'database'):
+            targetperms = PRIVATEPERMS
+        elif os.path.commonprefix((path, mm_cfg.QUEUE_DIR)) \
+              == mm_cfg.QUEUE_DIR:
             targetperms = QFILEPERMS
-            octperms = oct(targetperms)
         else:
             targetperms = DIRPERMS
-            octperms = oct(targetperms)
+        octperms = oct(targetperms)
         if S_ISDIR(mode) and (mode & targetperms) <> targetperms:
             arg.ERRORS += 1
             print _('directory permissions must be %(octperms)s: %(path)s'),