I am guessing that this is a bad idea but I want to ask anyway. PHP runs as the Apache user which is www. I have added www to the mailman group and this works. I have since removed it but wanted to see whether that created too much of a security risk?
Thanks - Dave On Dec 10, 2005, at 12:38 PM, Mark Sapiro wrote: > > > ----- Original Message --------------- > > Dave B wrote: > >> Does it use the umask setting? If so, it should be setting permissions >> to 644 (umask is 022) instead of the 660 that it sets. > > > It uses umask, but it sets it to 007 before creating the new file and > restores it afterword, because it specifically doesn't want the file > readable by 'other' as it contains plain text passwords. BTW, 644 > isn't good. It should be 664 (umask = 002) to do what you want as > files should be group writable, but it isn't critical in the case of > config.pck because it's always a new file that's written - the old one > is only read. > > >> Is there a way >> to change what it uses as standard permissions? > > > Only by changing the code in MailList.py. > > -- > Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
