[Mailman-Users] cgi-bin permissions

Stephen J. Turnbull stephen at xemacs.org
Mon Nov 3 19:25:28 CET 2014

Jim Popovitch writes:
 > Hello,
 > Is $vendor's mailman pkg doing something wrong:
 > ~$ ls -al /usr/lib/cgi-bin/mailman/create
 > -rwxr-sr-x 1 root list 14368 Oct 27 18:23 create

No, that's standard setup.  Assuming /usr/lib/cgi-bin/mailman has the
right ownership and permissions (typically root:list drwxr-xr-x), root
ownership prevents anyone else (including the list user or group) from
changing or deleting that file, but those permissions don't give the
program any special power when run.

The empowering thing is the "r-s" in the middle.  That means that the
executable will always get the permissions of the list group when run
(of course if root runs it, it has all permissions).  That is just
enough to do its job, as the various directories and files it needs to
mutate will also have group list and permission "rw?" for group.

More information about the Mailman-Users mailing list