[Mailman-Users] web interface tuning
Mark Sapiro
msapiro at value.net
Tue Nov 8 05:24:09 CET 2005
Darich Runyan/OMNI INFOSEC HQ wrote:
>
>Is there a way to turn off the ability for users to create list and
>administer list via the web interface while still allowing them to
>use the web interface for subscribing?
Creating a list from the web requires that the person doing the create
know the site passord or a special list creator password. There is no
need for users or list admins to know these passwords, nor do you even
have to have a list creator or even a site password if you don't want
them. The list creator password only allows web based list creation.
The site password allows web based list creation and full
administration of all site lists.
I'm confused by what you mean by user in this context. Do you mean list
administrators who are users of your mailman installation or do you
mean list members?
List administration really requires the web interface as lists can't be
effectively administered without it. There are two passwords involved.
The optional moderator password allows access to the admindb interface
only for dealing with various requests and held messages. The admin
password allows access to all list administration functions. List
members in general do not know these passwords.
If you want to prohibit using the admin web interface, set up the list
yourself and don't tell anyone the list password.
If you want to limit the web admin interface to only certain functions,
you can change the ADMIN_CATEGORIES list in mm_cfg.py. You can reorder
the links at the top of the admin pages with this list, and you can
delete any pages you don't want available. Note however that you can't
really eliminate the General Options page because unrecognized pages
always default to the General Options page whether or not it's in
ADMIN_CATEGORIES.
None of this affects access to the listinfo page and its subscribe and
unsubscribe functions.
Other than controlling passwords and using ADMIN_CATEGORIES as above,
you'd have to modify the code in Mailman/Cgi/admin.py or other Cgi
modules to change the way things work.
But, the simple answer to your question if it means what it says on its
face is don't tell them the list admin password, the list creator
password if any and the site password if any.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list