[Mailman-Users] install/setup conundrum
berto at gsbrgo.uchicago.edu
berto at gsbrgo.uchicago.edu
Fri Sep 17 17:54:54 CEST 1999
Folks:
After thinking paranoid thoughts, I decided to reinstall Mailman following
the advice not to do the configure and make install steps as root.
Okay, I redid the installation as the mailman account. I ran bin/check_perms,
and no problems were reported.
Then I read the following:
- You want to be very sure that the user id under which your CGI
scripts run is *not* in the `mailman' group you created above,
otherwise private archives will be accessible to anyone.
In the cgi-bin dir, all programs were mailman-owned. mailman is a member
of the mailman group, of course.
What to do? Okay, I reinstalled, this time using the bin account. Then when
I ran bin/check_perms, I got a boatload of complaints about this and that
not being mailman-owned.
So, do I
--reinstall as mailman, and just ignore the warning above
--reinstall as mailman, and remove the mailman account from the mailman
group, so that the /etc/group line is
mailman::89:
--keep the installation as bin, use bin/check_perms to fix the problems
as root, then hope for the best
--throw caution to the wind, and restore the original root installation
(bad move, most likely)
What would you gurus advise?
Bob
-------------------------------------------------------------------------------
Robert Osterlund, Unix Systems Manager berto at gsbrgo.uchicago.edu
Grad School of Business, U of Chicago phone: 773/702-8898
1101 E. 58th Street, #309, Chicago, IL 60637, USA fax: 773/702-0233
More information about the Mailman-Users
mailing list