Bugs item #1738710, was opened at 2007-06-17 10:00 Message generated for change (Comment added) made by msapiro You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1738710&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: documentation Group: 2.1 (stable)
Status: Pending Resolution: None Priority: 5 Private: No Submitted By: David Chase (dr2chase) Assigned to: Nobody/Anonymous (nobody) Summary: Out-of-order install instructions (permissions)
Initial Comment: Quoting: Warning: You want to be very sure that the user id under which your CGI scripts run is not in the mailman group you created above, otherwise private archives will be accessible to anyone. Problem #1: this is the first point in the install instructions where this is so clearly stated, far after the configure and make steps. Yeah, sure, once upon a time we were supposed to read all the instructions first before doing anything, but more people will install and use the software if you just put the steps in the right order in the documentation. Lots of other products manage to get this right. Problem #2: HOW IS THIS ACCOMPLISHED? This is important, right? Why not spend a few words on making sure people get it right? Problem #3: This looks like exactly the sort of boring mechanical thing that a computer is good at. Why is the human installer being asked to check this? ----------------------------------------------------------------------
Comment By: Mark Sapiro (msapiro) Date: 2007-06-17 10:57
Message: Logged In: YES user_id=1123998 Originator: NO Problem #1 - It seems to me this is in the right place. It is under 'setting up your web server' which is where you configure the user under which Mailman CGIs will run. Problem #2 - Consult your web server documentation. Normally, your web server is not running Mailman GGIs as the mailman user anyway unless you go out of your way to make it do so. Problem #3 - We have no idea what web server you are running or how to find and parse its configuration file(s), so how can we check this mechanically? We do check at run time in the CGI wrapper to be sure that the wrapper is invoked with the group configured with --with-cgi-gid. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1738710&group_id=103