Noah wrote off list: >after a 'chmod o+x private/' the public and private mailman archives are >visible. > >but now when I run the bin/check_perms -f I see the following warning: > ># ./check_perms -f >Warning: Private archive directory is other-executable (o+x). > This could allow other users on your system to read private archives. > If you're on a shared multiuser system, you should consult the > installation manual on how to fix this.
And now writes: >I never found anything in the intsallation manual as the check_perms message >suggests. I agree that this is not addressed well in the manual. >but what I did do was remove all other permissions and put the ownership of >the private directory to www to solve the problem. check_perms works well now. > ># ls -l >total 6 >drwxrws--- 103 www mailman 2560 Apr 21 21:49 private >drwxrwsr-x 2 mailman mailman 1536 Apr 21 21:49 public Actually, regardless of check_perms complaints or lack thereof, drwxrws--- 103 www mailman 2560 Apr 21 21:49 private is worse than drwxrws--x 103 mailman mailman 2560 Apr 21 21:49 private The latter only allows the web browser to search the private directory, while the former allows it to read it as well. I'm not 100% certain about this, but I think the o+x on the private directory /is/ required in at least some OSs for the symlinks from public/* to private/* to work. Also, the Makefile that creates archives/private has created it with o+x for many years. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
