On Mon, 2014-06-16 at 14:00 -0700, Mark Sapiro wrote:
> On 06/16/2014 01:45 PM, Lindsay Haisley wrote:
> >
> > If you have shell access on a Mailman host you can pretty much do as you
> > wish, including circumventing a lot of Mailman's privacy walls, all
> > without having system root access. This is both good and bad,
> > obviously, and is mostly an argument for being cautious about who has
> > terminal access on a server running Mailman.
>
> You still need sufficient access. E.g., config.pck files are not world
> readable, at least in a normal install, so you need to be root or in
> Mailman's group to access list information. Also, we tell you how to
> protect archives/private/ from non-root/mailman access by local users.
>

You're doubtless right, Mark. I did a cursory test here and could see
whatever I wanted to see, but I do note that my shell user is in the
mailman group, which probably explains why I could access the
information.

--
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          | --- The Roadie
http://www.fmp.com    |

------------------------------------------------------
Mailman-Users mailing list [email protected]
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
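
An added example, not part of the original thread and not Mailman's own code: a small audit of the two controls discussed above, the mode bits on each list's config.pck and on archives/private/, plus the accounts that hold group-level access. It assumes a Mailman 2.1-style layout (`lists/<listname>/config.pck` under the install prefix) and a group named `mailman`; the function names and the sample tree are constructed for illustration.

```python
import grp, os, pwd, stat, tempfile

def audit_mailman_tree(prefix):
    """Return (relative path, problem) pairs for a Mailman 2.1-style tree."""
    findings = []
    lists_dir = os.path.join(prefix, "lists")
    names = sorted(os.listdir(lists_dir)) if os.path.isdir(lists_dir) else []
    for name in names:
        pck = os.path.join(lists_dir, name, "config.pck")
        if not os.path.isfile(pck):
            continue
        # Only the "other" read bit matters here: group read is expected.
        if stat.S_IMODE(os.stat(pck).st_mode) & stat.S_IROTH:
            findings.append((os.path.relpath(pck, prefix), "world-readable"))
    private = os.path.join(prefix, "archives", "private")
    if os.path.isdir(private):
        # Assumption: any r/w/x bit for "other" is reported for review.
        if stat.S_IMODE(os.stat(private).st_mode) & stat.S_IRWXO:
            findings.append((os.path.relpath(private, prefix),
                             "open to other local users"))
    return findings

def group_members(group="mailman"):
    """Accounts with group-level access: listed members plus primary-GID users."""
    try:
        entry = grp.getgrnam(group)
    except KeyError:
        return []  # group does not exist on this host
    primary = {p.pw_name for p in pwd.getpwall() if p.pw_gid == entry.gr_gid}
    return sorted(set(entry.gr_mem) | primary)

def build_constructed_tree():
    """Constructed sample tree (not a real install): one bad file, one bad dir."""
    prefix = tempfile.mkdtemp(prefix="mailman-audit-")
    for name, mode in (("announce", 0o660), ("staff", 0o664)):
        os.makedirs(os.path.join(prefix, "lists", name))
        pck = os.path.join(prefix, "lists", name, "config.pck")
        open(pck, "wb").close()
        os.chmod(pck, mode)
    private = os.path.join(prefix, "archives", "private")
    os.makedirs(private)
    os.chmod(private, 0o771)
    return prefix

if __name__ == "__main__":
    root = build_constructed_tree()
    for path, problem in audit_mailman_tree(root):
        print(f"{path}: {problem}")
    print("mailman group members:", group_members())
```

On a real host, pass the actual install prefix to `audit_mailman_tree` and review every account `group_members` returns, since each one can read list data without being root.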
