From 9c90ef26496b88c365be570af36498ba8835858b Mon Sep 17 00:00:00 2001
From: bwarsaw
Date: Wed, 9 May 2001 16:49:07 +0000
Subject: checkperms(): Postfix-specific permission checks: make sure the aliases.db file is perm'd 066x and that it's owned by root. The group-ownership by mailman is already checked by check_perms.
---
 Mailman/MTA/Postfix.py | 50 ++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 48 insertions(+), 2 deletions(-)
(limited to 'Mailman/MTA')
diff --git a/Mailman/MTA/Postfix.py b/Mailman/MTA/Postfix.py
index 3155b00ea..5a993d46d 100644
--- a/Mailman/MTA/Postfix.py
+++ b/Mailman/MTA/Postfix.py
@@ -23,8 +23,15 @@ import os
 import socket
 import time
 import dbhash
+import errno
+import pwd
+import grp
+from stat import *
 from Mailman import mm_cfg
+from Mailman.i18n import _
+
+DBFILE = os.path.join(mm_cfg.DATA_DIR, 'aliases.db')
@@ -60,7 +67,7 @@ def _rmlist(listname, db):
 def create(mlist):
 listname = mlist.internal_name()
- db = dbhash.open(os.path.join(mm_cfg.DATA_DIR, 'aliases.db'), 'c')
+ db = dbhash.open(DBFILE, 'c')
 _addlist(listname, db)
 db.sync()
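Review bot: The import hunk adds `from stat import *`, which pulls every S_* and ST_* name into the module namespace and hides where ST_MODE, ST_UID and the S_I* bits used by checkperms() come from. Naming them explicitly, e.g. `from stat import ST_MODE, ST_UID, S_IFREG, S_IRUSR, S_IWUSR, S_IRGRP, S_IWGRP`, keeps the permission logic auditable. `grp` is imported but not used anywhere in the visible hunks.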
@@ -68,6 +75,45 @@ def create(mlist):
 def remove(mlist):
 listname = mlist.internal_name()
- db = dbhash.open(os.path.join(mm_cfg.DATA_DIR, 'aliases.db'), 'c')
+ db = dbhash.open(DBFILE, 'c')
 _rmlist(listname, db)
 db.sync()
+
+
+
+def checkperms(state):
+ targetmode = S_IFREG | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP
+ if state.VERBOSE:
+ print _('checking permissions on %(DBFILE)s')
+ try:
+ stat = os.stat(DBFILE)
+ except OSError, e:
+ if e.errno <> errno.ENOENT: raise
+ return
+ if (stat[ST_MODE] & targetmode) <> targetmode:
+ state.ERRORS += 1
+ octmode = oct(stat[ST_MODE])
+ print _('%(DBFILE)s permissions must be 066x (got %(octmode)s)'),
+ if state.FIX:
+ print _('(fixing)')
+ os.chmod(DBFILE, mode | targetmode)
+ else:
+ print
+ # Make sure the aliases.db is owned by root. We don't need to check the
+ # group ownership of the file, since check_perms checks this itself.
+ if state.VERBOSE:
+ print _('checking ownership of %(DBFILE)s')
+ rootuid = pwd.getpwnam('root')[2]
+ ownerok = stat[ST_UID] == rootuid
+ if not ownerok:
+ try:
+ owner = pwd.getpwuid(stat[ST_UID])[0]
+ except KeyError:
+ owner = 'uid %d' % stat[ST_UID]
+ print _('%(DBFILE)s owned by %(owner)s (must be owned by root)')
+ state.ERRORS += 1
+ if state.FIX:
+ print _('(fixing)')
+ os.chown(DBFILE, rootuid, mm_cfg.MAILMAN_GID)
+ else:
+ print
-- cgit v1.2.3-70-g09d2
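Review bot: In checkperms() the fix branch calls `os.chmod(DBFILE, mode | targetmode)`, but `mode` is never assigned in the function or in the visible module code, so a run with state.FIX set on a mis-permissioned aliases.db would raise NameError instead of repairing it; the line should read `os.chmod(DBFILE, S_IMODE(stat[ST_MODE]) | targetmode)`. The mode test only confirms that the owner and group read/write bits are present, so a world-writable file passes and the fix path never clears extra bits; for a root-owned alias database it would be worth also reporting `stat[ST_MODE] & S_IWOTH`. Both os.stat() and os.chown() follow symlinks, so if DATA_DIR is writable by a less-privileged account (not visible here), checking with `os.lstat` and refusing a symlink before the chown would be the safer behaviour.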