[Mailman-Users] Permissions problem accessing commands via php
Dave B
dave at dpss.bz
Mon Dec 12 16:50:01 CET 2005
I am guessing that this is a bad idea but I want to ask anyway. PHP
runs as the Apache user which is www. I have added www to the mailman
group and this works. I have since removed it but wanted to see whether
that created too much of a security risk?
Thanks - Dave
On Dec 10, 2005, at 12:38 PM, Mark Sapiro wrote:
>
>
> ----- Original Message ---------------
>
> Dave B wrote:
>
>> Does it use the umask setting? If so, it should be setting permissions
>> to 644 (umask is 022) instead of the 660 that it sets.
>
>
> It uses umask, but it sets it to 007 before creating the new file and
> restores it afterword, because it specifically doesn't want the file
> readable by 'other' as it contains plain text passwords. BTW, 644
> isn't good. It should be 664 (umask = 002) to do what you want as
> files should be group writable, but it isn't critical in the case of
> config.pck because it's always a new file that's written - the old one
> is only read.
>
>
>> Is there a way
>> to change what it uses as standard permissions?
>
>
> Only by changing the code in MailList.py.
>
> --
> Mark Sapiro <msapiro at value.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
>
>
>
More information about the Mailman-Users
mailing list