[Mailman-Users] You don't have permission to access/pipermail/onthis server.

Mark Sapiro msapiro at value.net
Mon Apr 24 02:04:27 CEST 2006


Noah wrote:
>
>I hear what you are saying but not completely understanding your analysis. 
>The point of the permissions and ownership changes is so the web server has
>access to the private directory.  And then to o-x the private directory keeps
>local users from accessing the private directories directly and reading
>private messages.
>
>Sounds like my permissions and ownership is set properly 
>drwxrws---  103 www      mailman  2560 Apr 21 21:49 private


The point is that with some browsers and web servers (probably not with
Apache) if the web server can read and search the private/ directory,
it can serve pages in the private/ directory via a url like
<http://www.example.com/pipermail/../private/list> where list's
archives are private - i.e., they don't have symlinks in the public/
directory. Thus, you do not want to give the web server access to the
private/ directory itself.

In order to keep private archives private, you must require that they
cannot be accessed directly by the web server.

The theory is that the private directory is inaccessable to the web
server, but the sub directories referenced by the public/ directory
symlinks are not. Thus the web server is prevented from direct access
to archives through a path which includes the private/ directory.

The o-rx on the private directory is primarily to keep the web server
out of private archives, not to keep local users out.

Ideally, public access to the archives would work if the permissions
and ownership on the private/ directory were

1)
drwxrws---  103 mailman  mailman  2560 Apr 21 21:49 private

This doesn't work in your case (probably not in any case), so the next
best thing is

2)
drwxrws--x  103 mailman  mailman  2560 Apr 21 21:49 private

even though check_perms complains. changing ownership and perms to

3)
drwxrws---  103 www      mailman  2560 Apr 21 21:49 private

is in fact less secure in terms of what check_perms complains about
than is 2), even though check_perms doesn't complain about 3).

Whether or not 3) or even 2) is subject to serving private archive
pages through cleverly crafted URLs depends on the web server, and it
isn't necessarily an issue in every case (and I don't think it is with
recent Apache, but I'd love to hear from someone who knows more about
this). Thus, your installation may be perfectly fine with 3). But, if
the only reason you prefer 3) to 2) is that check_perms doesn't
complain about 3), that is a check_perms issue. 2) is better - only
slightly better, but better.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan




More information about the Mailman-Users mailing list