On Thu, 02 Jul 2015 16:39:36 -0700, you wrote: >> After check_perms fixed all problems, I re-ran it and got this: >> >> Warning: Private archive directory is other-executable (o+x). >> This could allow other users on your system to read private >> archives. >> If you're on a shared multiuser system, you should consult >> the installation manual on how to fix this. >> No problems found >> >> Which section should I be reading? > > ><http://www.list.org/mailman-install/node9.html>, but the question is >this. Are there users who can log in to a shell or sftp or whatever who >should not have any access to private list archives? If the answer is >no, o+x on /path/to/mailman/archives/private is not a problem. If the >answer is yes, set it o-x and change its owner to the web server uid. If >you set it o-x and don't change the owner, public archive access won't work.
Understood. Since this is really a new installation (I didn't copy archives from the old system because they're not really of any use), $prefix/archives doesn't exist yet. I'll keep the above in mind and implement it when list traffic commences on this installation. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
