[Mailman-Users] Permissions on Mailman Archive Directory
Mark Sapiro
mark at msapiro.net
Thu Feb 17 23:01:08 CET 2011
Barry Finkel wrote:
>I have a question about permissions for the archive directory.
>I am migrating my Mailman server from an Ubuntu Dapper server
>on which I installed my own package, built from the SourceForge
>source, to an Ubuntu Lucid server, where I am installing the
>Ubuntu/Debian package. The directory in question is
>
> /var/lib/mailman/archives/private
>
>On my production Dapper server, I have
>
> drwxrws--x 904 www-data list 24576 2011-02-09 14:17 .

You need either owner=www-data (the web server user) or o+x. You don't
need both, but the only issue is if this server has local users, the
local users can access private archive files with o+x.

>On my test Lucid server I have
>
> drwxrws--- 10 root list 4096 2011-02-17 11:19 .
>
>There are two differences:
>
> owner: www-data vs. root
> group execute privileges
>
>In the current configuration I cannot get from the web to the list
>archives. I tried changing the ownership to www-data, and that worked.
>I then reset the owner back to root and added group execute
>privileges, and that also worked.
>
>What is suggested as the preferred fix? Thanks.

The web server needs to be able to search the directory. As noted
above, either owner = www-data or o+x allows this. Owner=www-data is
more restrictive than o+x as it does not allow local users (other than
www-data and the 'list' group) to access archive files directly.

If you don't have non-admin local users on the server, then it doesn't
matter which you do. Read the warning box at
<http://www.list.org/mailman-install/node9.html>.

--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
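
The access rule discussed in this thread, as an added example that is not part of the original messages: it parses the two `ls -l` mode strings quoted above and applies the POSIX owner/group/other class selection to show who can search the directory under each option. The numeric ids, and the assumption that www-data is not a member of group list, are constructed for illustration.

```python
import stat

def parse_ls_mode(s):
    """Convert an ls-style string such as 'drwxrws--x' to permission bits."""
    bits = 0
    for i, ch in enumerate(s[1:10]):
        bit = 0o400 >> i
        if i % 3 == 2:  # execute slot, may carry setuid/setgid/sticky
            if ch in "xst":
                bits |= bit
            if ch in "sStT":
                bits |= (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)[i // 3]
        elif ch != "-":
            bits |= bit
    return bits

def can_search(mode, dir_uid, dir_gid, uid, gids):
    """POSIX picks exactly one class: owner, else group, else other.
    uid 0 is not special-cased here; root bypasses these checks."""
    if uid == dir_uid:
        return bool(mode & stat.S_IXUSR)
    if dir_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

# Constructed sample ids (assumptions, not taken from the thread).
ROOT, WWW_DATA, LOCAL_USER, LIST_GID = 0, 33, 1000, 38
WWW_GIDS, LOCAL_GIDS = {33}, {1000}  # neither account is in group 'list'

def assess(ls_mode, dir_uid):
    """Who can traverse archives/private with this mode and owner?"""
    mode = parse_ls_mode(ls_mode)
    return {
        "web_server": can_search(mode, dir_uid, LIST_GID, WWW_DATA, WWW_GIDS),
        "local_user": can_search(mode, dir_uid, LIST_GID, LOCAL_USER, LOCAL_GIDS),
    }

CASES = {
    "Dapper as found": ("drwxrws--x", WWW_DATA),
    "Lucid as found": ("drwxrws---", ROOT),
    "owner=www-data only": ("drwxrws---", WWW_DATA),
    "o+x only": ("drwxrws--x", ROOT),
}

if __name__ == "__main__":
    for label, (ls_mode, owner) in CASES.items():
        print(f"{label:20} {ls_mode} -> {assess(ls_mode, owner)}")
```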