[Mailman-Users] You don't have permission to access /pipermail/ onthis server.

Mark Sapiro msapiro at value.net
Sun Apr 23 19:17:06 CEST 2006


Noah wrote off list:

>after a 'chmod o+x private/' the public and private mailman archives are visible.
>
>but now when I run the bin/check_perms -f I see the following warning:
>
># ./check_perms -f
>Warning: Private archive directory is other-executable (o+x).
>        This could allow other users on your system to read private archives.
>        If you're on a shared multiuser system, you should consult the
>        installation manual on how to fix this.

And now writes:

>I never found anything in the intsallation manual as the check_perms message
>suggests.


I agree that this is not addressed well in the manual.


>but what I did do was remove all other permissions and put the ownership of
>the private directory to www to solve the problem.  check_perms works well now.
>
># ls -l
>total 6
>drwxrws---  103 www      mailman  2560 Apr 21 21:49 private
>drwxrwsr-x    2 mailman  mailman  1536 Apr 21 21:49 public


Actually, regardless of check_perms complaints or lack thereof,

drwxrws---  103 www      mailman  2560 Apr 21 21:49 private

is worse than

drwxrws--x  103 mailman  mailman  2560 Apr 21 21:49 private

The latter only allows the web browser to search the private directory,
while the former allows it to read it as well.

I'm not 100% certain about this, but I think the o+x on the private
directory /is/ required in at least some OSs for the symlinks from
public/* to private/* to work.

Also, the Makefile that creates archives/private has created it with
o+x for many years.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan




More information about the Mailman-Users mailing list