Ubuntu
mailman package

check_perms is effectively broken or useless in mailman packaging

Bug #1266288 reported by Thufir
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mailman (Ubuntu)
Triaged
Medium
Unassigned

Bug Description

The permissions are wrong:

thufir@dur:~$
thufir@dur:~$
thufir@dur:~$ sudo apt-get purge mailman
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  mailman*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 35.0 MB disk space will be freed.
Do you want to continue [Y/n]?
(Reading database ... 237675 files and directories currently installed.)
Removing mailman ...
 * Stopping Mailman master qrunner mailmanctl PID unreadable in: /var/run/mailman/mailman.pid
[Errno 2] No such file or directory: '/var/run/mailman/mailman.pid'
Is qrunner even running?
                                                                                                  [ OK ]
find: `/usr/lib/mailman': No such file or directory
Purging configuration files for mailman ...
find: `/usr/lib/mailman': No such file or directory
Purging files from ucf database ............................................... done.
dpkg: warning: while removing mailman, directory '/var/lib/mailman/archives/private' not empty so not removed
dpkg: warning: while removing mailman, directory '/var/lib/mailman/archives/public' not empty so not removed
dpkg: warning: while removing mailman, directory '/var/lib/mailman/qfiles' not empty so not removed
dpkg: warning: while removing mailman, directory '/var/lib/mailman/lists' not empty so not removed
Processing triggers for ureadahead ...
Processing triggers for man-db ...
thufir@dur:~$
thufir@dur:~$ sudo rm -rf /var/lib/mailman/
thufir@dur:~$
thufir@dur:~$ sudo apt-get install mailman
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  spamassassin lynx listadmin
The following NEW packages will be installed:
  mailman
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/10.2 MB of archives.
After this operation, 35.0 MB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously unselected package mailman.
(Reading database ... 233594 files and directories currently installed.)
Unpacking mailman (from .../mailman_1%3a2.1.16~rc2-1_i386.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up mailman (1:2.1.16~rc2-1) ...
Looking for enabled languages (this may take some time) ... done.
Installing site language en ............................................ done.
Configuring mailman for domain dur.bounceme.net ...
Upgrading from version 0x0 to 0x20110c2
getting rid of old source files
update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match mailman Default-Stop values (none)
 * Site list for mailman missing (looking for list named 'mailman').
 * Please create it; until then, mailman will refuse to start.
Processing triggers for ureadahead ...
thufir@dur:~$
thufir@dur:~$ sudo newlist mailman
Enter the email of the person running the list: <email address hidden>
Initial mailman password:
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:

## mailman mailing list
mailman: "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"

Hit enter to notify mailman owner...

thufir@dur:~$
thufir@dur:~$ sudo /usr/lib/mailman/bin/check_perms -f
directory must be at least 02775: /var/lib/mailman/logs (fixing)
/var/lib/mailman/cron bad group (has: root, expected list) (fixing)
/var/lib/mailman/logs bad group (has: root, expected list) (fixing)
/var/lib/mailman/icons bad group (has: root, expected list) (fixing)
directory permissions must be 02775: /var/lib/mailman/messages (fixing)
/var/lib/mailman/mail bad group (has: root, expected list) (fixing)
/var/lib/mailman/locks bad group (has: root, expected list) (fixing)
/var/lib/mailman/Mailman bad group (has: root, expected list) (fixing)
/var/lib/mailman/cgi-bin bad group (has: root, expected list) (fixing)
/var/lib/mailman/templates bad group (has: root, expected list) (fixing)
/var/lib/mailman/bin bad group (has: root, expected list) (fixing)
/var/lib/mailman/scripts bad group (has: root, expected list) (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/sk (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/uk (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/nl (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ru (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/it (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ro (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/vi (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ca (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/et (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/tr (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/el (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ia (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/da (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ja (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/pt (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/eu (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/hu (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/fi (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/sv (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/gl (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/hr (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ar (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/no (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/fa (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/fr (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/zh_TW (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ko (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/cs (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/de (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/sr (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/sl (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/pl (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/es (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/lt (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/pt_BR (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/he (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/zh_CN (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ast (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/sk/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/uk/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/nl/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ru/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/it/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ro/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/vi/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ca/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/et/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/tr/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/el/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ia/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/da/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ja/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/pt/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/eu/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/hu/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/fi/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/sv/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/gl/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/hr/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ar/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/no/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/fa/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/fr/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/zh_TW/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ko/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/cs/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/de/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/sr/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/sl/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/pl/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/es/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/lt/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/pt_BR/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/he/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/zh_CN/LC_MESSAGES (fixing)
directory permissions must be 02775: /var/lib/mailman/messages/ast/LC_MESSAGES (fixing)
/var/lib/mailman/archives/private bad group (has: www-data, expected list) (fixing)
/var/lib/mailman/archives/private/mailman.mbox bad group (has: www-data, expected list) (fixing)
/var/lib/mailman/archives/private/mailman bad group (has: www-data, expected list) (fixing)
/var/lib/mailman/archives/private/mailman/index.html bad group (has: www-data, expected list) (fixing)
Problems found: 92
Re-run as list (or root) with -f flag to fix
thufir@dur:~$
thufir@dur:~$ sudo /usr/lib/mailman/bin/check_perms -f
/var/lib/mailman/cron bad group (has: root, expected list) (fixing)
/var/lib/mailman/logs bad group (has: root, expected list) (fixing)
/var/lib/mailman/icons bad group (has: root, expected list) (fixing)
/var/lib/mailman/mail bad group (has: root, expected list) (fixing)
/var/lib/mailman/locks bad group (has: root, expected list) (fixing)
/var/lib/mailman/Mailman bad group (has: root, expected list) (fixing)
/var/lib/mailman/cgi-bin bad group (has: root, expected list) (fixing)
/var/lib/mailman/templates bad group (has: root, expected list) (fixing)
/var/lib/mailman/bin bad group (has: root, expected list) (fixing)
/var/lib/mailman/scripts bad group (has: root, expected list) (fixing)
Problems found: 10
Re-run as list (or root) with -f flag to fix
thufir@dur:~$
thufir@dur:~$ sudo /usr/lib/mailman/bin/check_perms -f
/var/lib/mailman/cron bad group (has: root, expected list) (fixing)
/var/lib/mailman/logs bad group (has: root, expected list) (fixing)
/var/lib/mailman/icons bad group (has: root, expected list) (fixing)
/var/lib/mailman/mail bad group (has: root, expected list) (fixing)
/var/lib/mailman/locks bad group (has: root, expected list) (fixing)
/var/lib/mailman/Mailman bad group (has: root, expected list) (fixing)
/var/lib/mailman/cgi-bin bad group (has: root, expected list) (fixing)
/var/lib/mailman/templates bad group (has: root, expected list) (fixing)
/var/lib/mailman/bin bad group (has: root, expected list) (fixing)
/var/lib/mailman/scripts bad group (has: root, expected list) (fixing)
Problems found: 10
Re-run as list (or root) with -f flag to fix
thufir@dur:~$

I don't know why they're wrong. see also:

http://askubuntu.com/questions/400592/var-lib-mailman-cgi-bin-bad-group-has-root-expected-list-fixing

or

http://askubuntu.com/questions/400592/

Granted, I've removed and re-installed mailman more than once, but can't imagine what the underlying problem is -- hence the bug report.

Revision history for this message
Robie Basak (racb) wrote :

Thank you for reporting this bug and helping to make Ubuntu better.

I can see that running check_perms myself does warn of problems on a freshly installed system.

Is there a specific problem that you're facing here, or is it just that /usr/lib/mailman/bin/check_perms doesn't like the default packaged permissions?

Is there any Debian or Ubuntu specific documentation that tells you to run this command, or could it just be that the upstream-supplied program is not aware of Debian/Ubuntu packaging specifics with respect to permissions? Is the bug here just that the packaging shouldn't supply the check_perms command as it makes no sense to run it on a mailman system provided by packaging?

Or, otherwise, can you please provide a test case for actual functionality that appears broken as a result of supposedly broken permissions?

Changed in mailman (Ubuntu):
status: New → Incomplete
Revision history for this message
Mark Sapiro (msapiro) wrote :

In the upstream Debian package, these entries in /var/lib/mailman are actually symlinks as

lrwxrwxrwx 1 root root 20 Jul 17 2012 bin -> /usr/lib/mailman/bin/
lrwxrwxrwx 1 root root 24 Jul 17 2012 cgi-bin -> /usr/lib/cgi-bin/mailman/
lrwxrwxrwx 1 root root 21 Jul 17 2012 cron -> /usr/lib/mailman/cron/
lrwxrwxrwx 1 root root 25 Jul 17 2012 icons -> /usr/share/images/mailman/
lrwxrwxrwx 1 root root 17 Jul 17 2012 locks -> /var/lock/mailman/
lrwxrwxrwx 1 root root 16 Jul 17 2012 logs -> /var/log/mailman/
lrwxrwxrwx 1 root root 21 Jul 17 2012 mail -> /usr/lib/mailman/mail/
lrwxrwxrwx 1 root root 24 Jul 17 2012 Mailman -> /usr/lib/mailman/Mailman/
lrwxrwxrwx 1 root root 24 Jul 17 2012 scripts -> /usr/lib/mailman/scripts/
lrwxrwxrwx 1 root root 12 Jul 17 2012 templates -> /etc/mailman/

check_perms is not designed to handle symlinks. It looks at the ownership and mode of the symlink itself and complains and then, if requested, fixes the target. Thus, it never "fixes" the symlink which it can't do anyway.

Other than the complaint from check_perms, this is not a problem as the ownership and mode of the symlink itself is irrelevant in practice.

Revision history for this message
Mark Sapiro (msapiro) wrote :

I have looked at this a bit more deeply, and while all I said in comment 2 is correct, there is another issue. Essentially all the issues reported by check_perms are innocuous and just reflect differences between "the Debian way" and standard GNU Mailman, these "fixes"

/var/lib/mailman/archives/private bad group (has: www-data, expected list) (fixing)
/var/lib/mailman/archives/private/mailman.mbox bad group (has: www-data, expected list) (fixing)
/var/lib/mailman/archives/private/mailman bad group (has: www-data, expected list) (fixing)
/var/lib/mailman/archives/private/mailman/index.html bad group (has: www-data, expected list) (fixing)

will break public archive access. This is because the standard recommended ownership and mode for /var/lib/mailman/archives/private would be

drwxrws--- www-data list

but the Debian way is

drwxrws--- list www-data

While this might work, check_perms will change it to

drwxrws--- list list

which won't allow the web server to access public archives. See the Warning at <http://www.list.org/mailman-install/node9.html> for more detail.

The bottom line is the standard check_perms should not be run against the Debian/Ubuntu package. Debian should either drop check_perms from the package or fix it to follow the Debian way.

Revision history for this message
Robie Basak (racb) wrote :

Thank you for looking into this, Mark.

I guess we can retain this bug to fix or remove check_perms, though this should be verified and then forwarded to Debian.

summary: - cannot install permissions correctly
+ check_perms is effectively broken or useless in mailman packaging
Changed in mailman (Ubuntu):
status: Incomplete → Triaged
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.