[Mailman-Users] CGI account shouldn't be part of mailman group, but...
Poster at aurora.cotse.net
Tue Jul 12 23:34:30 CEST 2005
Ok, according to the docs, if the account that runs CGI scripts is a
member of the mailman group, then private archives can be seen by
everyone. This is a bad thing. However, in order for apache to update
files in the mailman paths (like locks and such), these files have to
be writable by the CGI user. So either the CGI user is a member of the
mailman group, or the directory is left readable, writable, and
executable by members not of the group! Hopefully, I'm missing
something. Any ideas?
More information about the Mailman-Users