On Wed, Mar 15, 2006 at 11:05:34AM +0000, Roger Lynn wrote: > On 15/03/2006 07:34, Lionel Elie Mamane wrote:
>> We're open to suggestions. That thing must be group list so that >> mailman can write there. Putting www-data as user would give >> www-data too much power there. We cannot put the files themselves >> non world readable, as Apache won't serve anything that isn't >> world-readable as far as I remember. The same holds for putting >> www-data in group list. > Could the world read and execute permissions be set on a per list > basis? So the world read and execute permissions would be added to > the archives/private/list/ and archives/private/list.mbox/ > directories when a list's archives are made public and removed when > they are made private, at the same time as the archives/public/list > links are created and removed. Ah yes, I see. Only the public archives need to be readable by Apache; the private archives are served via the cgi-bin mailman/private, that runs as group "list". Your solution would work, yes. Another solution would be serving _all_ archives via mailman/private (and all of them non-world readable), where "private" simply doesn't require authentication if the archive is public. > Does anything other than the web server rely on world permissions to > access these files? I don't think so. -- Lionel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
