[Pkg-mailman-hackers] Bug#940858: mailman3: `mailman create` as root creates directory with wrong owner

Pierre-Elliott Bécue peb at debian.org
Fri Feb 21 20:56:23 GMT 2020 

Le samedi 21 septembre 2019 à 00:43:47+0200, Antoine Pietri a écrit :
> Source: mailman3
> Version: 3.2.1-1
> Severity: important
> 
> Dear Maintainer,
> 
> When using the command `mailman create` as root, it creates a folder in
> /var/lib/mailman3/lists/ with the root:root owner/group.
> 
> This then causes the following error that makes the mailing list unusable:
> 
> Sep 20 16:28:58 2019 (30951) Uncaught runner exception: [Errno 13] Permission denied: '/var/lib/mailman3/lists/ml.example.org/digest.mmdf'
> FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/mailman3/lists/ml.example.org/digest.mmdf'
> 
> 
> I think this command, when run as root, should create the directory with the
> appropriate owner/group (list:list), so that we don't have to chown the
> directory manually thereafter. Or at least tell us that we need to run this
> chown manually if mailman can't do it for some reason.
> 
> Thanks,
> 
> -- System Information:
> Debian Release: 10.1
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.19.0-6-amd64 (SMP w/1 CPU core)
> Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled

Hi,

Thanks for your bug report!

The main reason it's not obvious to act upon this is that it's Debian's
choice to run mailman3 as list:list, hence the program can't really
guess if being launched as root:root is normal or not. In my opinon one
should know the potential impact of running a program as a specific
user.

If you have an idea of a way to work upon that properly, I'm all ears.

Cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-mailman-hackers/attachments/20200221/ae835c6d/attachment.sig>

More information about the Pkg-mailman-hackers mailing list