[Mailman-Developers] [ mailman-Bugs-585229 ] opening holes by
changing permissions?
noreply@sourceforge.net
noreply@sourceforge.net
Wed, 24 Jul 2002 08:28:59 -0700
Bugs item #585229, was opened at 2002-07-22 23:03
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=585229&group_id=103
Category: configuring/installing
Group: 2.1 beta
Status: Open
Resolution: None
Priority: 5
Submitted By: Paul Marshall (paulmarshll)
Assigned to: Nobody/Anonymous (nobody)
Summary: opening holes by changing permissions?
Initial Comment:
I was having problems adding a list in Mailman 2.1beta
via the web interface, it was giving me an error regarding
permissions to the mailman/data/aliases.db file.
This is the error I got:
...
File "/var/mailman/Mailman/MTA/Postfix.py", line 46, in
_update_maps
raise RuntimeError, msg % (acmd, status, errstr)
RuntimeError: command failed: /usr/sbin/postalias
/var/mailman/data/aliases (status: 1, Operation not
permitted)
To fix this I changed the permissions on this file so
apache could write to it.
chmod a+w aliases.db
This did fix the problem of creating and deleting lists via
the web interface.
Does anyone know if this would open up any security
holes?
Is there another way to fix the permissions problem that
is more logical?
Thanks for your help.
Paul Marshall
----------------------------------------------------------------------
>Comment By: Barry A. Warsaw (bwarsaw)
Date: 2002-07-24 11:28
Message:
Logged In: YES
user_id=12800
You shouldn't need to do this if you've followed the
directions in README.POSTFIX. The key issue is that aliases
and aliases.db must be group owned by `mailman' and must be
group writeable. Since the cgi scripts are setgid mailman
Apache should have no problems writing the file. And since
Postfix filter prog is also setgid mailman, it should have
no problems either.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=585229&group_id=103