[Mailman-Users] You don't have permission to access /pipermail/onthis server.

Noah admin2 at enabled.com
Mon Apr 24 00:38:11 CEST 2006


On Sun, 23 Apr 2006 11:49:12 -0700, Mark Sapiro wrote
> Noah wrote:
> >
> >Well the sym links appear to work fine from an apache/browser perspective.  I
> >dont think there has been any problems yet. 
> >
> >archiving appears to be working properly for both public and private archives.
> 
> The issue is not whether one or the other will work or not from the
> Apache perspective or the archiving perspective. The issue is which
> provides more security for private archives to be secure from public
> access via the web server.
> 
> The point is that making the web server effective uid ('www' in your
> case) the owner of the archives/private/ directory, gives the web
> server more access than making the directory o+x.


Hey there Mark,

I hear what you are saying but not completely understanding your analysis. 
The point of the permissions and ownership changes is so the web server has
access to the private directory.  And then to o-x the private directory keeps
local users from accessing the private directories directly and reading
private messages.

Sounds like my permissions and ownership is set properly 
drwxrws---  103 www      mailman  2560 Apr 21 21:49 private


Cheers,

Noah


> 
> Ideally, the archives/private directory should be o-rx, but this
> apparently is not workable, at least in some configurations, so o+x 
> is the next best thing,
> 
> >> Also, the Makefile that creates archives/private has created it with
> >> o+x for many years.
> >
> >
> >thanks for the information.  appears that there should be some consistency
> >between the Makefile and the check_perm's warnings though.
> 
> You're right about that.
> 
> -- 
> Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan




More information about the Mailman-Users mailing list