Barry Finkel wrote: >The mailman code puts, for public archives, a pointer to the >private directory. This will prevent public access to the private >archives if the archives are on a traditional Unix file system. >I am experimenting with placing the archives in the Andrew File >System (AFS), where access is controlled by access control lists. >In AFS, a non-privileged user can see the private archives. > >Is there an easy way to change the mailman behavior so that the >public archives are placed into their own directory and are not >symbolic links to the private directory? Thanks.
No, there isn't, but consider that even though the web server would theoritically have access to the private archives, how would a user access them? The 'pipermail' url is an alias to the symlink in the archives/public/ directory and the symlink doesn't exist for a private archive so the pipermail url won't work. Direct access to the archives/private/ directory is through the 'private' cgi-bin wrapper and script which requires user authorization. Thus, the only way to access a private archive without authorization is to craft a URL (presumably a pipermail URL with some /../ directories in it, but maybe something else) that will do it. I won't say it's not possible to make this work with modern web servers/browsers, but I've tried, and I can't. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
