[Mailman-Users] You don't have permission to access/pipermail/onthis server.
Noah
admin2 at enabled.com
Mon Apr 24 03:06:12 CEST 2006
On Sun, 23 Apr 2006 17:04:27 -0700, Mark Sapiro wrote
> Noah wrote:
> >
> >I hear what you are saying but not completely understanding your analysis.
> >The point of the permissions and ownership changes is so the web server has
> >access to the private directory. And then to o-x the private directory keeps
> >local users from accessing the private directories directly and reading
> >private messages.
> >
> >Sounds like my permissions and ownership is set properly
> >drwxrws--- 103 www mailman 2560 Apr 21 21:49 private
>
> The point is that with some browsers and web servers (probably not with
> Apache) if the web server can read and search the private/ directory,
> it can serve pages in the private/ directory via a url like
> <http://www.example.com/pipermail/../private/list> where list's
> archives are private - i.e., they don't have symlinks in the public/
> directory. Thus, you do not want to give the web server access to the
> private/ directory itself.
okay got it - that makes sense.
thanks,
Noah
More information about the Mailman-Users
mailing list