This is a little old, but I don't see any reply or "problem solved."
Peter Knowles writes:
I am writing my own archive reader script in PHP which parses the "maildir" content produced by the "prototype" archiver.
When I try to access the contents from "opt/mailman/mm/var/archives/prototype/LISTNAME/new" folder I get a permission denied error.
FYI, this is a OS issue, not a Mailman issue. The contents of that directory are probably owned by list:list (that's owner:group) on Debian-derived systems or mailman:mailman is also commonly seen. To find out the relevant users and groups, do 'ls -lR | less' on the archive from the top. I recommend a recursive ls because I've seen situations where the files are in fact readable, but the directory path is not searchable. In that case adding the +x bit to every directory on the path to 'new' will do the trick.[1]
The problem is that the users invoking your script are not that user or group. If the script will be invoked from the web server, you may want to add the web browser user (often www-data) to the mailman group.
If this will be invoked by a variety of users, you might prefer to make the script set gid list (or mailman or whatever.
The two approaches have slightly different security implications.
*** I'm using the "file_get_contents" PHP command to access the file. ***
This isn't relevant. Any access to the file would run into the same problem.
Footnotes: [1] For you technical geeks, it was a tightass umask of 0x7 for user home creation by root, while the mailman user was a more permissive 022. YMMV, I think that's paranoid.
-- University of Tsukuba Faculty of Policy and Planning Sciences Tennodai 1-1-1, Tsukuba 305-8573 JAPAN tel/fax: +81-29-853-5091 turnbull@sk.tsukuba.ac.jp https://turnbull.sk.tsukuba.ac.jp/