On 07/02/2015 09:01 AM, Steve Matzura wrote: > On Thu, 02 Jul 2015 08:24:12 -0700, you wrote: > >> Run check_perms. > > Did that. 898 problems found! I hope I didn't break Postfix. Luckily I > logged before and after in case I have to revert.
Check_perms only affects files and directories in Mailman's tree(s). Postfix should be unaffected. > After check_perms fixed all problems, I re-ran it and got this: > > Warning: Private archive directory is other-executable (o+x). > This could allow other users on your system to read private > archives. > If you're on a shared multiuser system, you should consult > the installation manual on how to fix this. > No problems found > > Which section should I be reading? <http://www.list.org/mailman-install/node9.html>, but the question is this. Are there users who can log in to a shell or sftp or whatever who should not have any access to private list archives? If the answer is no, o+x on /path/to/mailman/archives/private is not a problem. If the answer is yes, set it o-x and change its owner to the web server uid. If you set it o-x and don't change the owner, public archive access won't work. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
