On Sun, 23 Apr 2006 17:04:27 -0700, Mark Sapiro wrote
> Noah wrote:
> >
> >I hear what you are saying but not completely understanding your analysis.
> >The point of the permissions and ownership changes is so the web server has
> >access to the private directory. And then to o-x the private directory keeps
> >local users from accessing the private directories directly and reading
> >private messages.
> >
> >Sounds like my permissions and ownership is set properly
> >drwxrws--- 103 www mailman 2560 Apr 21 21:49 private
>
> The point is that with some browsers and web servers (probably not with
> Apache) if the web server can read and search the private/ directory,
> it can serve pages in the private/ directory via a url like
> <http://www.example.com/pipermail/../private/list> where list's
> archives are private - i.e., they don't have symlinks in the public/
> directory. Thus, you do not want to give the web server access to the
> private/ directory itself.

okay got it - that makes sense.

thanks,

Noah

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
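
An added illustration of the point discussed in this thread (not code from Mailman or from either poster): it checks whether a given user gets read and search access to a directory with the quoted `drwxrws--- www mailman` listing, and shows where the quoted URL lands when `/pipermail/` is mapped onto the public archive directory without a containment check. The archive root path and the function names are assumptions made for the example.

```python
import posixpath
import stat

# Constructed sample values: the archive root path is an assumption; the mode,
# owner and group are the `drwxrws--- www mailman` listing quoted in the thread.
PUBLIC = "/usr/local/mailman/archives/public"
PRIVATE = "/usr/local/mailman/archives/private"
URL = "/pipermail/../private/list"


def can_read_and_search(mode, owner, group, user, user_groups):
    """True if a non-root `user` gets both r and x on the directory.

    Unix checks exactly one permission class: owner, else group, else other.
    """
    if user == owner:
        bits = (stat.S_IRUSR, stat.S_IXUSR)
    elif group in user_groups:
        bits = (stat.S_IRGRP, stat.S_IXGRP)
    else:
        bits = (stat.S_IROTH, stat.S_IXOTH)
    return all(mode & b for b in bits)


def resolve_naive(url_path, alias="/pipermail/", root=PUBLIC):
    """Map the alias onto `root` and let '..' be resolved afterwards."""
    return posixpath.normpath(posixpath.join(root, url_path[len(alias):]))


def resolve_checked(url_path, alias="/pipermail/", root=PUBLIC):
    """Same mapping, but refuse any result that leaves `root`."""
    target = resolve_naive(url_path, alias, root)
    if target != root and not target.startswith(root + "/"):
        return None
    return target


if __name__ == "__main__":
    print("www can read/search private/:",
          can_read_and_search(0o2770, "www", "mailman", "www", {"www"}))
    print("unchecked mapping:", resolve_naive(URL))
    print("checked mapping:  ", resolve_checked(URL))
```

With the listing from the thread, the web server user owns `private/` and so passes the permission check, which is the precondition for the unchecked mapping to be servable.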