[ mailman-Bugs-1738710 ] Out-of-order install instructions (permissions)

SourceForge.net noreply at sourceforge.net
Sun Jun 17 19:57:41 CEST 2007


Bugs item #1738710, was opened at 2007-06-17 10:00
Message generated for change (Comment added) made by msapiro
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1738710&group_id=103

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: documentation
Group: 2.1 (stable)
>Status: Pending
Resolution: None
Priority: 5
Private: No
Submitted By: David Chase (dr2chase)
Assigned to: Nobody/Anonymous (nobody)
Summary: Out-of-order install instructions (permissions)

Initial Comment:
Quoting:

   Warning: You want to be very sure
   that the user id under which your
   CGI scripts run is not in the
   mailman group you created above,
   otherwise private archives will
   be accessible to anyone.

Problem #1: this is the first point in the
install instructions where this is so clearly
stated, far after the configure and make steps.
Yeah, sure, once upon a time we were supposed
to read all the instructions first before doing
anything, but more people will install and use
the software if you just put the steps in the
right order in the documentation.  Lots of other
products manage to get this right.

Problem #2: HOW IS THIS ACCOMPLISHED?  This
is important, right?  Why not spend a few words
on making sure people get it right?

Problem #3: This looks like exactly the sort
of boring mechanical thing that a computer is
good at.  Why is the human installer being
asked to check this?


----------------------------------------------------------------------

>Comment By: Mark Sapiro (msapiro)
Date: 2007-06-17 10:57

Message:
Logged In: YES 
user_id=1123998
Originator: NO

Problem #1 - It seems to me this is in the right place. It is under
'setting up your web server' which is where you configure the user under
which Mailman CGIs will run.

Problem #2 - Consult your web server documentation. Normally, your web
server is not running Mailman GGIs as the mailman user anyway unless you go
out of your way to make it do so.

Problem #3 - We have no idea what web server you are running or how to
find and parse its configuration file(s), so how can we check this
mechanically? We do check at run time in the CGI wrapper to be sure that
the wrapper is invoked with the group configured with --with-cgi-gid.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1738710&group_id=103


More information about the Mailman-coders mailing list