Hello,
Is $vendor's mailman pkg doing something wrong:
~$ ls -al /usr/lib/cgi-bin/mailman/create -rwxr-sr-x 1 root list 14368 Oct 27 18:23 create
It seems to me that cgi-bin's owned by root are a no-no. Is that correct?
Thx,
-Jim P.
Jim Popovitch writes:
Hello,
Is $vendor's mailman pkg doing something wrong:
~$ ls -al /usr/lib/cgi-bin/mailman/create -rwxr-sr-x 1 root list 14368 Oct 27 18:23 create
No, that's standard setup. Assuming /usr/lib/cgi-bin/mailman has the right ownership and permissions (typically root:list drwxr-xr-x), root ownership prevents anyone else (including the list user or group) from changing or deleting that file, but those permissions don't give the program any special power when run.
The empowering thing is the "r-s" in the middle. That means that the executable will always get the permissions of the list group when run (of course if root runs it, it has all permissions). That is just enough to do its job, as the various directories and files it needs to mutate will also have group list and permission "rw?" for group.
participants (2)
-
Jim Popovitch -
Stephen J. Turnbull