[Mailman-Developers] web-interface for site owner for mm 2.1.x

Mark Sapiro mark at msapiro.net
Tue Apr 28 20:39:39 CEST 2015


On 04/28/2015 11:02 AM, Danil Smirnov wrote:
> 
> Nope. She has serious reasons to avoid using cPanel's Mailman.
> So it was disabled in favor of standard Mailman installation.
> I can give more details but webpanel talk is irrelevant
> to the topic of this discussion.


Then if she is going to create lists and turn them over to others to
admin and the others are going to change the admin password so she
doesn't know it, there are two choices for removing the list short of
writing your own CGI or WSGI process to do it:

- there is the command line bin/rmlist tool

- you could modify Mailman/Cgi/rmlist.py and remove the 10 lines of code
starting with

    # Be sure the list owners are not sneaking around!
    if not mm_cfg.OWNERS_CAN_DELETE_THEIR_OWN_LISTS:

and ending with

        return

which would then allow anyone who knows the site admin, site list
creator or list admin password to go to a URL like
http://example.com/mailman/rmlist/LISTNAME and remove the list.

If you wanted to limit it to only the site admin or site list creator
passwords, further down in the code, find

    if mlist.Authenticate((mm_cfg.AuthCreator,
                           mm_cfg.AuthListAdmin,
                           mm_cfg.AuthSiteAdmin),
                          password) == mm_cfg.UnAuthorized:

and remove the

                           mm_cfg.AuthListAdmin,

line.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
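
The effect of the two edits described in the message above, as an added example that is not part of the original post and is not Mailman's code: a simplified Python model of who can remove a list through the web once each change is made. Only the role and setting names come from the post; the hashing, sample passwords, helper names and the assumption that OWNERS_CAN_DELETE_THEIR_OWN_LISTS is left off are illustrative.

```python
import hashlib
import hmac

# Role names as they appear in the post; the numeric values are arbitrary here.
UnAuthorized, AuthCreator, AuthListAdmin, AuthSiteAdmin = 0, 1, 2, 3

def _digest(pw):
    return hashlib.sha256(pw.encode()).hexdigest()

# Constructed sample credentials, one per role (hypothetical storage scheme).
STORED = {
    AuthCreator: _digest("creator-pw"),
    AuthListAdmin: _digest("listadmin-pw"),
    AuthSiteAdmin: _digest("siteadmin-pw"),
}

def authenticate(contexts, password):
    """Return the first role in `contexts` whose password matches, else UnAuthorized."""
    supplied = _digest(password)
    for ctx in contexts:
        if hmac.compare_digest(STORED[ctx], supplied):
            return ctx
    return UnAuthorized

def may_delete(password, owners_can_delete, gate_present, contexts):
    """Model the deletion decision; gate_present=False means the setting check was removed."""
    if gate_present and not owners_can_delete:
        return False  # check still in place and setting off: refused for everyone
    return authenticate(contexts, password) != UnAuthorized

STOCK = (AuthCreator, AuthListAdmin, AuthSiteAdmin)   # tuple as quoted in the post
SITE_ONLY = (AuthCreator, AuthSiteAdmin)              # AuthListAdmin line removed

def matrix():
    """Per credential: (unmodified, check removed, check removed + site-only roles)."""
    creds = [("creator", "creator-pw"), ("list admin", "listadmin-pw"),
             ("site admin", "siteadmin-pw"), ("wrong", "guess")]
    rows = {}
    for who, pw in creds:
        rows[who] = (
            may_delete(pw, False, True, STOCK),
            may_delete(pw, False, False, STOCK),
            may_delete(pw, False, False, SITE_ONLY),
        )
    return rows

if __name__ == "__main__":
    for who, row in matrix().items():
        print(who, row)
```

The middle column is the case to watch: with only the first edit applied, a list admin who has changed the password can still delete the list from the web.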

