Ok, according to the docs, if the account that runs CGI scripts is a member of the mailman group, then private archives can be seen by everyone. This is a bad thing. However, in order for apache to update files in the mailman paths (like locks and such), these files have to be writable by the CGI user. So either the CGI user is a member of the mailman group, or the directory is left readable, writable, and executable by members not of the group! Hopefully, I'm missing something. Any ideas?
Thanks, ~Poster ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
