[Pkg-mailman-hackers] Bug#603904: Bug#603904: Fresh installation of mailman has wrong permissions, causes archiving to fail
Luca Gibelli
nervous at nervous.it
Wed Jul 18 12:06:43 UTC 2012
> > but if you chgrp the dir to "list", then the webserver cannot access it
> > any longer, because its permissions are drwxrws---.
> Yes, that’s correct. If you want that,
> sudo adduser www-data list
> not the other way round though.
By default, after installing mailman on debian wheezy, the dir is
chgrp'ed to www-data, that's why I suggested to add the user "list"
to the "www-data" group, not the other way around.
This looks like the safest option to me.
If you run fix_perms -f as you suggested, the dir is chgrp'ed to "list"
and then indeed you need to add the user "www-data" to the group "list"
to make the private archive work.
This means that any (php/perl/python) script running with the webserver
privileges can potentially read/write to /var/lib/mailman/data .
Good luck with that.
CiauZ!
--
Luca 'NERvOus' Gibelli (nervous at nervous.it || bofh at oltrelinux.com)
Home Page: http://www.nervous.it
BOFH excuse 4063:
* A plumber is needed, the network drain is clogged
More information about the Pkg-mailman-hackers
mailing list