[Mailman-Users] List marked private, still accessible from web?
msapiro at value.net
Tue May 2 00:39:40 CEST 2006
Michael Urashka wrote:
>About a year ago I set up 3 lists. I was fairly certain I set
>up 2 of the lists as private and 1 as public.
I assume you're talking about archives here.
>A couple weeks ago
>we discovered that all three were set to public (looking in the web
>admin interface). Now I'm not certain if somehow I didn't originally set
>them private. We've upgraded Mailman at least once in this time, not
>sure if that could possibly have affected the settings but I should think
Upgrading Mailman shouldn't change a list's archive from private to
public or vice versa. I haven't heard of this failing.
>Anyway, we then toggled the 2 lists we wanted back to private, but
>searching Google I am able to find a couple posts.
The posts were indexed in Google while the archive was public, but with
a 'pipermail' URL that won't work. They will eventually disappear from
>to the Mailman-run web site for one of the mailing lists (the page
>people can subscribe from or view the archives, etc), when one clicks
>one the Archives, one isn't prompted
>for authentication and just gets the /mailman/private/list archive pages
>(listed by month: thread/author/subject/date) and one is able to click
>and read the archives.
Most likely because you previously authorized as the list admin (or a
list member) during that browser session and still have the
>I attempted to rebuild the archives with the arch command but that
>appears to not have the desired affect.
>Running check_perms showed that the /private archives had the +x for
>'other' set so I toggled that to -x.
This will probably break access to your remainin public archive via the
'pipermail' URL. If it doesn't, that's great - leave it o-x, but I
think you'll probably need to put it back to o+x to access public
archives via the 'pipermail URL.
>I can still go to the list archives page and view the private archives
o+x or o-x on the archives/private directory will have no effect on
private archive access. I still think you are able to access the
private archive without authorizing because of a saved cookie from
prior authorization in the browser session.
>I was wondering what the best way to limit viewing of these pages from
>the outside public but allow list members to still have access to the
Making the archive private should do it.
>Is there something obvious I am missing?
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users