From e4230d6e20eaac6b0abff314ee143a12ffbdabc9 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Thu, 28 Jun 2007 10:26:13 -0700 Subject: check_perms checked archives/private/ and archives/private//database/ directories to make sure they didn't have certain 'other' permissions, but it didn't check these directories for the necessary user and group permissions. This is now fixed. --- bin/check_perms | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) (limited to 'bin') diff --git a/bin/check_perms b/bin/check_perms index 7c807745..b9926016 100755 --- a/bin/check_perms +++ b/bin/check_perms @@ -1,6 +1,6 @@ #! @PYTHON@ # -# Copyright (C) 1998-2005 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2007 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -14,7 +14,8 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +# USA. """Check the permissions for the Mailman installation. @@ -73,6 +74,7 @@ DIRPERMS = S_ISGID | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH QFILEPERMS = S_ISGID | S_IRWXU | S_IRWXG PYFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH ARTICLEFILEPERMS = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP +PRIVATEPERMS = QFILEPERMS @@ -124,20 +126,25 @@ def checkwalk(arg, dirname, names): os.chown(path, -1, MAILMAN_GID) else: print - # all directories must be at least rwxrwsr-x. Don't check the private - # archive directory or database directory themselves since these are - # checked in checkarchives() and checkarchivedbs() below. + # Most directories must be at least rwxrwsr-x. + # The private archive directory and database directory must be at + # least rwxrws---. Their 'other' permissions are checked in + # checkarchives() and checkarchivedbs() below. Their 'user' and + # 'group' permissions are checked here. + # The directories under qfiles should be rwxrws---. Their 'user' and + # 'group' permissions are checked here. Their 'other' permissions + # aren't checked. private = mm_cfg.PRIVATE_ARCHIVE_FILE_DIR - if path == private or (os.path.commonprefix((path, private)) == private - and os.path.split(path)[1] == 'database'): - continue - # The directories under qfiles should have a more limited permission - if os.path.commonprefix((path, mm_cfg.QUEUE_DIR)) == mm_cfg.QUEUE_DIR: + if path == private or \ + (os.path.commonprefix((path, private)) == private + and os.path.split(path)[1] == 'database'): + targetperms = PRIVATEPERMS + elif os.path.commonprefix((path, mm_cfg.QUEUE_DIR)) \ + == mm_cfg.QUEUE_DIR: targetperms = QFILEPERMS - octperms = oct(targetperms) else: targetperms = DIRPERMS - octperms = oct(targetperms) + octperms = oct(targetperms) if S_ISDIR(mode) and (mode & targetperms) <> targetperms: arg.ERRORS += 1 print _('directory permissions must be %(octperms)s: %(path)s'), -- cgit v1.2.3