diff options
Diffstat (limited to 'bin/check_perms')
-rwxr-xr-x | bin/check_perms | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/bin/check_perms b/bin/check_perms index 7c807745..b9926016 100755 --- a/bin/check_perms +++ b/bin/check_perms @@ -1,6 +1,6 @@ #! @PYTHON@ # -# Copyright (C) 1998-2005 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2007 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -14,7 +14,8 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +# USA. """Check the permissions for the Mailman installation. @@ -73,6 +74,7 @@ DIRPERMS = S_ISGID | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH QFILEPERMS = S_ISGID | S_IRWXU | S_IRWXG PYFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH ARTICLEFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP +PRIVATEPERMS = QFILEPERMS @@ -124,20 +126,25 @@ def checkwalk(arg, dirname, names): os.chown(path, -1, MAILMAN_GID) else: print - # all directories must be at least rwxrwsr-x. Don't check the private - # archive directory or database directory themselves since these are - # checked in checkarchives() and checkarchivedbs() below. + # Most directories must be at least rwxrwsr-x. + # The private archive directory and database directory must be at + # least rwxrws---. Their 'other' permissions are checked in + # checkarchives() and checkarchivedbs() below. Their 'user' and + # 'group' permissions are checked here. + # The directories under qfiles should be rwxrws---. Their 'user' and + # 'group' permissions are checked here. Their 'other' permissions + # aren't checked. private = mm_cfg.PRIVATE_ARCHIVE_FILE_DIR - if path == private or (os.path.commonprefix((path, private)) == private - and os.path.split(path)[1] == 'database'): - continue - # The directories under qfiles should have a more limited permission - if os.path.commonprefix((path, mm_cfg.QUEUE_DIR)) == mm_cfg.QUEUE_DIR: + if path == private or \ + (os.path.commonprefix((path, private)) == private + and os.path.split(path)[1] == 'database'): + targetperms = PRIVATEPERMS + elif os.path.commonprefix((path, mm_cfg.QUEUE_DIR)) \ + == mm_cfg.QUEUE_DIR: targetperms = QFILEPERMS - octperms = oct(targetperms) else: targetperms = DIRPERMS - octperms = oct(targetperms) + octperms = oct(targetperms) if S_ISDIR(mode) and (mode & targetperms) <> targetperms: arg.ERRORS += 1 print _('directory permissions must be %(octperms)s: %(path)s'), |