[Mailman-Users] looking for: find_member.cgi

Jon Carnes jonc at nc.rr.com
Sun May 4 23:03:55 CEST 2003


Well, 664 would open up your list databases and their clear text
passwords.  Have you tried making the owner "apache"?  Mailman only
cares about the group, so you can mangle the owner and give rights that
way.

Another option is to add "apache" to the group "mailman" -or- it would
be better if your cgi ran as its own user; then add that user to the
group "mailman".

I've done all these at various times and for various clients. Another
favorite of mine is to create a bash binary that runs as SetID mailman. 
Then any script run via this bash shell is run as the user/group
"mailman".  This is especially handy for setting up scripts activated
via mailed-in commands.

Hope the above is helpful,

Jon Carnes

BTW: looks like we need to have "mailman-power-users" group for
discussion and archiving of such issues.

On Sun, 2003-05-04 at 15:38, Jim Popovitch wrote:
> Hi Jon,
> 
> Thanks for the suggestion.  The hitch here is that find_member (called from
> within find_member.cgi) needs read access to $MAILMAN/lists/*/config.db, and
> currently those files are installed chmod 660.  Any comments on the security
> impact of chmod'ing these to 664?
> 
> -Jim P.
> 
> > -----Original Message-----
> > From: Jon Carnes [mailto:jonc at nc.rr.com]
> > Sent: Sunday, May 04, 2003 1:46 PM
> > To: Jim Popovitch
> > Cc: mailman-users at python.org
> > Subject: Re: [Mailman-Users] looking for: find_member.cgi
> >
> >
> > On Sun, 2003-05-04 at 03:04, Jim Popovitch wrote:
> > > Hi,
> > >
> > > I host several MM lists for others and I want to provide a way for them to
> > > search for a member within their lists.  I have tried wrapping find_member with
> > > a cgi script but this will not work because of permission problems.  Has anyone
> > > ever done this successfully and securely?
> > >
> > > -Jim P.
> >
> > Start out by placing your cgi in the ~mailman/cgi-bin/.. directory. Make
> > it group owned by "mailman" and then set the GID bit (so that your cgi
> > looks like the others).
> >
> > Hopefully that will get your cgi running with the proper rights
> > (gid=mailman).
> >
> 
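An added example, not part of any message in this thread: a small audit of the permissions discussed above, flagging any `lists/*/config.db` that is world-readable (664 rather than 660) or in the wrong group, and checking that the CGI wrapper is setgid to the expected group. The `lists/<name>/config.db` layout and the "mailman" group come from the thread; the function names and the three-argument usage are hypothetical.

```shell
#!/bin/sh
# Added example: audit the permissions discussed in this thread.
# Layout (lists/<name>/config.db) and the "mailman" group come from the
# thread; the function names are hypothetical.

# Print list databases readable by "other" (mode 664 instead of 660).
world_readable_dbs() {
    find "$1/lists" -type f -name config.db -perm -0004 | sort
}

# Print list databases whose group is not the expected one.
wrong_group_dbs() {
    find "$1/lists" -type f -name config.db ! -group "$2" | sort
}

# Succeed only if the CGI is a regular file with the setgid bit, owned by
# the expected group, and not writable by "other".
cgi_ok() {
    [ -f "$1" ] && [ -g "$1" ] || return 1
    [ -n "$(find "$1" -group "$2" ! -perm -0002 2>/dev/null)" ]
}

# Usage: audit MAILMAN_DIR GROUP CGI_PATH; returns non-zero on any finding.
audit() {
    rc=0
    bad=$(world_readable_dbs "$1")
    [ -z "$bad" ] || { printf 'world-readable:\n%s\n' "$bad"; rc=1; }
    bad=$(wrong_group_dbs "$1" "$2")
    [ -z "$bad" ] || { printf 'wrong group:\n%s\n' "$bad"; rc=1; }
    cgi_ok "$3" "$2" || { printf 'cgi not setgid %s: %s\n' "$2" "$3"; rc=1; }
    return "$rc"
}

# Run the audit only when called with all three arguments.
if [ "$#" -eq 3 ]; then audit "$@"; fi
```
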