[Mailman-Users] Group write permissions necessary?
Marc MERLIN
marc_news at valinux.com
Tue Apr 24 00:51:45 CEST 2001
On Sun, Apr 22, 2001 at 03:39:34PM -0500, Pug Bainter wrote:
> Marc MERLIN (marc_news at valinux.com) said something that sounded like:
> > Yes, as soon as root or some other privileged user runs a mailman command,
> > config.db will be owned by a user other than mailman, and your list will
> > stop working.
>
> Silly question. Why don't the programs set the proper permissions and
> ownerships? It seems that since it's stored in the Defaults.py that it
> could do that.
You want to remove group writable on the directories, right?
The programs, if run with a UID different from mailman or root, cannot change
their UID to mailman and write in those dirs anymore.
Only root and the mailman user will be able to recreate a new config.db, so
your mailman CGI, which only has mailman group permissions, won't be able to
create a new config.db. Same thing for the mail gateway binaries.
My securelinux patch fixes this to make sure everything is UID mailman
before writing config.db.
Marc
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key
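
Added example, not part of the original message and not Mailman's own code: a check of whether a process with a given UID and group set may create or replace config.db in a list directory, run against a constructed directory with and without group write. The names can_replace, demo, cgi_uid and the test-list path are hypothetical, and the check assumes traditional Unix mode bits (no ACLs).

```python
import os
import stat
import tempfile

def can_replace(directory, filename, uid, gids):
    """Return (ok, reason): may uid/gids create or replace directory/filename?"""
    d = os.stat(directory)
    if uid == 0:
        return True, "root bypasses permission bits"
    # Exactly one permission class applies: owner, else group, else other.
    if uid == d.st_uid:
        bits, who = (d.st_mode >> 6) & 7, "owner"
    elif d.st_gid in gids:
        bits, who = (d.st_mode >> 3) & 7, "group"
    else:
        bits, who = d.st_mode & 7, "other"
    if bits & 3 != 3:  # need write (2) and search (1) on the directory
        return False, f"{who} lacks write+search on {directory}"
    # Sticky directory: only the file's owner or the directory's owner may
    # remove or rename an existing entry.
    path = os.path.join(directory, filename)
    if d.st_mode & stat.S_ISVTX and os.path.lexists(path):
        if uid not in (os.lstat(path).st_uid, d.st_uid):
            return False, "sticky bit set and file owned by another user"
    return True, f"{who} may create and rename in {directory}"

def demo():
    """Constructed scenario: the same list directory, group-writable or not."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        listdir = os.path.join(top, "lists", "test-list")  # constructed path
        os.makedirs(listdir)
        open(os.path.join(listdir, "config.db"), "w").close()
        d = os.stat(listdir)
        cgi_uid = d.st_uid + 1   # hypothetical CGI UID, not the directory owner
        cgi_gids = {d.st_gid}    # but a member of the directory's group
        for mode in (0o775, 0o755):
            os.chmod(listdir, mode)
            results[mode] = can_replace(listdir, "config.db", cgi_uid, cgi_gids)
    return results

if __name__ == "__main__":
    for mode, (ok, reason) in demo().items():
        print(f"{mode:o}: {'OK' if ok else 'DENIED'} ({reason})")
```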