[Mailman-Users] You don't have permission to access /pipermail/onthis server.

Mark Sapiro msapiro at value.net
Sun Apr 23 20:49:12 CEST 2006


Noah wrote:
>
>Well the sym links appear to work fine from an apache/browser perspective.  I
>dont think there has been any problems yet. 
>
>archiving appears to be working properly for both public and private archives.


The issue is not whether one or the other will work or not from the
Apache perspective or the archiving perspective. The issue is which
provides more security for private archives to be secure from public
access via the web server.

The point is that making the web server effective uid ('www' in your
case) the owner of the archives/private/ directory, gives the web
server more access than making the directory o+x.

Ideally, the archives/private directory should be o-rx, but this
apparently is not workable, at least in some configurations, so o+x is
the next best thing,


>> Also, the Makefile that creates archives/private has created it with
>> o+x for many years.
>
>
>thanks for the information.  appears that there should be some consistency
>between the Makefile and the check_perm's warnings though.


You're right about that.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan




More information about the Mailman-Users mailing list