[Mailman-Users] an unrelated site's (cgi) access to mailman cmdline tools
Mark Sapiro
mark at msapiro.net
Wed Mar 22 13:24:21 EDT 2017
On 03/22/2017 08:18 AM, karrageorgiou.giannis--- via Mailman-Users wrote:
>
> I have a cgi program running under a site that
> is NOT the one hosting the mailman's web
> interface
> (i.e. both mail.[domain] (mailman) and www.[domain]
> are apache's virtual domains in the same system,
> but under DIFFERENT user/group directives)
OK
> The cgi program must generate userinfo lists
> taking the email parts live from the list_members
> stdout; when the various lists/*/config.pck are
> world readable it works fine; but when their
> permissions are reset/recreated, it breaks.
>
> Notice that I am not talking about the group
> permissions, but world's. I even tried setting
> an acl giving the cgi/httpd user read permissions
> but again they get lost.
This seems like a bad idea anyway. Does every list on your server have
public archives and public list rosters?
Anyone who can access a list's config.pck has access to the roster and
the list passwords for all members. It seems making those files world
readable is a very bad idea.
> since there is no way to have the main site
> under mailman's group, is there a way to
> make mailman processes not ruin the world or
> acl permissions on the */config.pck?
Instead of that, just change the owner of the relevant Mailman files to
the web server user of the other domain. This should allow that apache
virtual domain to access the files, and as far as I know, no Mailman
process will change the owner of these files and it won't matter for
access from the mailman virtual domain because that's all controlled by
group.
You still will need to ensure that arbitrary visitors to the 'other'
domain aren't able to retrieve those files, i.e. they are only
accessible via your cgi and not via other URLs, but that should not be hard.
You may also be interested in the 'members.c' program attached to
<https://wiki.list.org/x/4030648>.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list