[Mailman-Users] Passwords

Greg Connor gconnor at nekodojo.org
Mon Apr 12 01:10:28 CEST 1999

At 10:34 AM 4/11/99 -0400, gmelists wrote:
>Also, as mailman-owner, is there a master-password where I can review, or
>optionally make changes, to the mailing list configurations which
>individual list-owners have set up?

Yup, it's set with bin/mmsitepass, and you can use it in place of any other
admin password on your site.  

(I think this is in the INSTALL document... if you skimmed through it too
fast, you might want to check if there are other things that you may have
skipped, like setting the crontab--I missed that the first time)

>I have a user who has forgotten the administrative password which was
>set up for him.
>Is there any way to retrieve it?

I don't know of one, but I think you can reset it in the admin interface by
using your site password to get in, and again as the "old password".  Try it...

>Finally, a suggestion.  How difficult would it be to split up the database
>into separate components.  One for general configuration, one for privacy
>options, etc.  This would at least allow me to "lock out" any changes by
>chown'ing the .db file and making it owned by root or whatever so user
>mailman can't modify it; for example if I want a particular list to remain
>not visible in the listinfo either due to subject or whatever reason, and
>I don't want the list-owner to accidentally set it public.

There is another approach that might be easier, because I suspect most
sites would not need this extra level of control...

Greg Stein posted this recipe for locking out "certain urls" in your Apache
config... This is different from locking out certain files, because it
allows you to set a password on certain "virtual paths" that are really
part of a script and not a physical directory.

><Location /mailman/private/the-archive>
>AuthName "admin-private archives"
>AuthType Basic
>AuthUserFile whatever
>Require user adminuser
></Location>

For "Location" you could just as easily put "/mailman/admin/list1/general"
- which would further restrict access to the "general" page, but not the
"members" page, for example.  Restriction could be an additional HTTP
password, or only allowing certain IPs, or whatever.  See the Apache
manual for more info on the syntax for Require and AuthType...

Good luck!
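
The per-URL restriction described in the message above, written out as an added example that is not part of the original post or of Mailman's documentation. It uses Apache 2.4 authorization syntax (on the 1.3/2.2 servers of the time the address rule would be Order/Deny/Allow); the file path, realm names, user name, address range and the "privacy" page name are assumptions.

```apache
# Added example (Apache 2.4 syntax). All paths, realm names, user names and
# address ranges below are constructed placeholders.

# 1. Extra HTTP password on one admin sub-page of the list "list1".
#    <Location> matches the URL path, not a file on disk, so this covers
#    /mailman/admin/list1/general (and anything below it) while
#    /mailman/admin/list1/members stays reachable with the list password only.
<Location "/mailman/admin/list1/general">
    AuthType Basic
    AuthName "list1 general options - site admin"
    # Keep the password file outside any directory the web server serves.
    AuthUserFile "/etc/apache2/mailman-site.htpasswd"
    Require user siteadmin
</Location>

# 2. A second page (name assumed) restricted by client address AND password.
#    RequireAll means both conditions must hold; without it, two Require
#    lines in one section are satisfied when either one matches.
<Location "/mailman/admin/list1/privacy">
    AuthType Basic
    AuthName "list1 privacy options - site admin"
    AuthUserFile "/etc/apache2/mailman-site.htpasswd"
    <RequireAll>
        Require ip 192.0.2.0/24
        Require user siteadmin
    </RequireAll>
</Location>

# Basic authentication sends the password base64-encoded, not encrypted,
# so these locations should only be served over TLS.
```

This guards the URL, not the stored setting: it stops a list owner from opening the protected page, and it is worth confirming that the same option cannot be submitted through another admin page that is left unprotected.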
