Mark Sapiro wrote:
I'm not saying it won't work. I think it probably will. The one issue IHrm, yes, that would be a problem (I just tested it and it's indeed visible to everyone, despite the URL difference.) I'd hate to have to come up with a login procedure outside of mailman simply because it won't play well with suexec. Yes I realize it's mentioned very specifically that mailman needs for the exec not to be run as the mailman user, however that will go against suexec's security feature. So I guess my question now is, what can be done to make this work? Or maybe a better question would be, when will mailman reach a point where it will and can run within a suexec environment? I like my security and I like using mailman.
think you may have is if you have private archives, they may turn out
to be accessible to anyone because your web server now runs as group
mailman which is documented as wrong for this reason.
--
H | I haven't lost my mind; it's backed up on tape somewhere.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:[EMAIL PROTECTED]> . 303.442.6410 x130
IT Director / SysAdmin / WebSmith . 800.441.3873 x130
Photo Craft Imaging . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
