Bugs item #585229, was opened at 2002-07-22 22:03 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=585229&group_id=103

Category: configuring/installing Group: 2.1 beta Status: Open Resolution: None Priority: 5 Submitted By: Paul Marshall (paulmarshll) Assigned to: Nobody/Anonymous (nobody) Summary: opening holes by changing permissions?

Initial Comment: I was having problems adding a list in Mailman 2.1beta via the web interface, it was giving me an error regarding permissions to the mailman/data/aliases.db file.

This is the error I got:

... File "/var/mailman/Mailman/MTA/Postfix.py", line 46, in _update_maps raise RuntimeError, msg % (acmd, status, errstr) RuntimeError: command failed: /usr/sbin/postalias /var/mailman/data/aliases (status: 1, Operation not permitted)

To fix this I changed the permissions on this file so apache could write to it.

chmod a+w aliases.db

This did fix the problem of creating and deleting lists via the web interface.

Does anyone know if this would open up any security holes?

Is there another way to fix the permissions problem that is more logical?

Thanks for your help.

Paul Marshall

Comment By: Paul Marshall (paulmarshll) Date: 2002-07-24 10:44

Message: Logged In: YES user_id=582441

Thanks for the help bwarsaw, its working now and I don't have a+w on aliases.db

Paul

Comment By: Barry A. Warsaw (bwarsaw) Date: 2002-07-24 10:28

Message: Logged In: YES user_id=12800

You shouldn't need to do this if you've followed the directions in README.POSTFIX. The key issue is that aliases and aliases.db must be group owned by `mailman' and must be group writeable. Since the cgi scripts are setgid mailman Apache should have no problems writing the file. And since Postfix filter prog is also setgid mailman, it should have no problems either.

You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=585229&group_id=103