diff options
| author | bwarsaw | 1999-07-09 23:36:38 +0000 |
|---|---|---|
| committer | bwarsaw | 1999-07-09 23:36:38 +0000 |
| commit | 4b28f84f1b76e508c8d9e88ad0efaeefc462d5a2 (patch) | |
| tree | 8aef1c1507b6a2f09218f7cce4ed8148f6331ded /bin/check_perms | |
| parent | f83fae3c6ec3e0515f73c6e74b412d4985e291b5 (diff) | |
| download | mailman-4b28f84f1b76e508c8d9e88ad0efaeefc462d5a2.tar.gz mailman-4b28f84f1b76e508c8d9e88ad0efaeefc462d5a2.tar.zst mailman-4b28f84f1b76e508c8d9e88ad0efaeefc462d5a2.zip | |
checkadminpw(): Check the permissions on data/adm.pw, which now must
be 0640. We'd like to restrict the permissions as much as possible,
but group mailman must be able to read the file, or site-password
override in the Web interfaces won't work.
Diffstat (limited to '')
| -rwxr-xr-x | bin/check_perms | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/bin/check_perms b/bin/check_perms index 6918ab39c..d965bc56e 100755 --- a/bin/check_perms +++ b/bin/check_perms @@ -17,11 +17,10 @@ import getopt import grp from stat import * import paths -import Mailman.mm_cfg +from Mailman import mm_cfg MAILMAN_GRPNAME = 'mailman' MAILMAN_GID = grp.getgrnam(MAILMAN_GRPNAME)[2] -PREFIX = Mailman.mm_cfg.PREFIX PROGRAM = sys.argv[0] @@ -74,12 +73,11 @@ def checkwalk(arg, dirname, names): print def checkall(): - os.path.walk(PREFIX, checkwalk, STATE) + os.path.walk(mm_cfg.PREFIX, checkwalk, STATE) def checkarchives(): - archives = os.path.join(PREFIX, 'archives') - private = os.path.join(archives, 'private') + private = mm_cfg.PRIVATE_ARCHIVE_FILE_DIR if STATE.VERBOSE: print 'checking perms on', private # private archives must not be other readable @@ -95,10 +93,9 @@ def checkarchives(): def checkcgi(): - cgibin = os.path.join(PREFIX, 'cgi-bin') - exes = os.listdir(cgibin) + exes = os.listdir(mm_cfg.CGI_DIR) for f in exes: - path = os.path.join(cgibin, f) + path = os.path.join(mm_cfg.CGI_DIR, f) if STATE.VERBOSE: print 'checking set-gid for', path mode = statmode(path) @@ -112,7 +109,7 @@ def checkcgi(): print def checkmail(): - wrapper = os.path.join(PREFIX, 'mail', 'wrapper') + wrapper = os.path.join(mm_cfg.WRAPPER_DIR, 'wrapper') if STATE.VERBOSE: print 'checking set-gid for', wrapper mode = statmode(wrapper) @@ -123,6 +120,19 @@ def checkmail(): print '(fixing)' os.chmod(wrapper, mode | S_ISGID) +def checkadminpw(): + adminpw = os.path.join(mm_cfg.DATA_DIR, 'adm.pw') + targetmode = S_IFREG | S_IRUSR | S_IWUSR | S_IRGRP + if STATE.VERBOSE: + print 'checking perms on', adminpw + mode = statmode(adminpw) + if mode <> targetmode: + STATE.ERRORS = STATE.ERRORS + 1 + print adminpw, 'permissions must be exactly 0640 (got %s)' % oct(mode) + if STATE.FIX: + print '(fixing)' + os.chmod(adminpw, targetmode) + def usage(code=0, msg=''): print __doc__ % globals() @@ -151,6 +161,7 @@ if __name__ == '__main__': checkarchives() checkcgi() checkmail() + checkadminpw() if not STATE.ERRORS: print 'No problems found' |