[Mailman-Users] Confused about data/aliases* permissions
Mark Sapiro
msapiro at value.net
Sun Dec 11 18:10:32 CET 2005
Peter Seibel wrote:
>
>Hmmm, it seems that chmod'ing data/aliases.db to 0660 does the trick--
>now I can create lists both from the command line as a member of the
>mailman group and from the web. Is that the correct fix?
Yes, it is. The mail wrapper and the various cgi-bin wrappers are all
SETGID mailman. This is the basis of Mailman's security. The wrappers
test to see that they were invoked by the appropriate group (built in
by configure), and run as group mailman. Thus files should usually be
group mailman and have any requisite permissions at the group level as
well as the owner. See
<http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq06.016.htp>
for more detail on this.
The real issue is bin/check_perms doesn't check aliases.db. This is a
known problem; see
<https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1204386&group_id=103>.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list