[Mailman-Users] install/setup conundrum

berto at gsbrgo.uchicago.edu berto at gsbrgo.uchicago.edu
Fri Sep 17 17:54:54 CEST 1999


After thinking paranoid thoughts, I decided to reinstall Mailman following
the advice not to do the configure and make install steps as root.

Okay, I redid the installation as the mailman account.  I ran bin/check_perms,
and no problems were reported.

Then I read the following:

    - You want to be very sure that the user id under which your CGI
      scripts run is *not* in the `mailman' group you created above,
      otherwise private archives will be accessible to anyone.

In the cgi-bin dir, all programs were mailman-owned.  mailman is a member
of the mailman group, of course.

What to do?  Okay, I reinstalled, this time using the bin account.  Then when
I ran bin/check_perms, I got a boatload of complaints about this and that
not being mailman-owned.

So, do I

--reinstall as mailman, and just ignore the warning above

--reinstall as mailman, and remove the mailman account from the mailman
  group, so that the /etc/group line is


--keep the installation as bin, use bin/check_perms to fix the problems
  as root, then hope for the best

--throw caution to the wind, and restore the original root installation
  (bad move, most likely)

What would you gurus advise?


Robert Osterlund, Unix Systems Manager                berto at gsbrgo.uchicago.edu
Grad School of Business, U of Chicago                       phone: 773/702-8898
1101 E. 58th Street, #309, Chicago, IL 60637, USA             fax: 773/702-0233

More information about the Mailman-Users mailing list