On Tue, Mar 14, 2006 at 09:23:13AM -0600, Max Bowsher wrote:

> Mailman's postinst currently contains the following command:
>
>   chmod o-r,o+x /var/lib/mailman/archives/private
>
> The effect of o+x permissions on this directory is that ANY local
> user has read access to ALL mailman mail archives, if they know or
> can guess the name of the list.

> The purpose of the o+x permissions is to allow www-data to serve up
> the public archives.

Yup.

> Perhaps a method could be found which doesn't involve granting world
> access to the archives?

We're open to suggestions. That thing must be group list so that
mailman can write there. Putting www-data as user would give www-data
too much power there. We cannot put the files themselves non world
readable, as Apache won't serve anything that isn't world-readable as
far as I remember. The same holds for putting www-data in group list.

If we could rely on file ACLs, it would be easier...

-- 
Lionel
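
An audit for the permission pattern discussed in this thread, added here as an example (it is not code from the thread or from the Mailman package): it reports files that "other" cannot list but can open by name because a parent directory has o+x without o+r. The function names, list names and file names are constructed for the demo, and the check assumes every ancestor of the audited root is traversable by "other".

```shell
#!/bin/sh
# Added example, not from the thread or the Mailman package.
# Function names and the demo list names are hypothetical/constructed.

# Print files that "other" can read by name but cannot discover by listing:
# world-readable files below a directory that has o+x without o+r.
# Assumption: every ancestor of ROOT is itself traversable by "other".
traverse_only_exposed() {
    root=$1
    # Step 1: directories with other-execute set and other-read clear.
    find "$root" -type d -perm -001 ! -perm -004 | while IFS= read -r dir; do
        # Step 2: descend only through directories "other" may traverse
        # (prune any without o+x) and report world-readable files.
        find "$dir" \( -type d ! -perm -001 -prune \) -o \
                    \( -type f -perm -004 -print \)
    done | sort -u
}

# Build a constructed tree mirroring the layout discussed in the thread.
build_demo_tree() {
    base=$1/archives
    mkdir -p "$base/private/list-a" "$base/private/list-b" "$base/locked/list-c"
    for l in private/list-a private/list-b locked/list-c; do
        echo "constructed message" > "$base/$l/2006-March.txt"
        chmod 644 "$base/$l/2006-March.txt"
    done
    chmod 755 "$base/private/list-a" "$base/locked/list-c"
    chmod 750 "$base/private/list-b"   # list directory closed to "other"
    chmod 771 "$base/private"          # "other" bits as left by o-r,o+x
    chmod 770 "$base/locked"           # no access for "other" at all
}

demo=$(mktemp -d)
build_demo_tree "$demo"
traverse_only_exposed "$demo/archives"   # reports only list-a's file
rm -rf "$demo"
```
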