Jim Popovitch wrote: > >OK, but just to be clear, those wrappers (default location is >/usr/local/mailman/cgi-bin) need to be accessible by the webserver. So, >is it safe to assume that only cgi-bin needs world read/executable >permissions? Can I "chmod -R o=" everything in /usr/local/mailman/ >except cgi-bin/ and mail/?
Not quite. The remaining issue is archives because public archives are the only things that are not accessed through a wrapper. That's an important access issue, i.e. forcing private archive access to be only via the 'private' wrapper/script which forces authentication. Because public archives are accessed directly by the web server via the 'pipermail' alias and the symlinks in archives/public, the archives/private/<listname>/ directories and their subordinate archive contents must be accessible by 'other', but the archives/private/ directory itself has permissions 02771 to prevent 'other' getting the names of the lists by reading the directory. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
