I need to run bin/add_member in our Mailman 2.1.11 list server
installation from a cgi/perl script. Normally, it has to run as
root. The easy solution was to add the www user to the mailman
group. You can then:
open(LISTSERVER, '|/usr/local/mailman/bin/add_members -r- '.$list_name);
print LISTSERVER $email;
close(LISTSERVER);
My question is are there any security consequences from adding the
Apache2 user to the mailman group I should be aware of. I don't want
to inadvertently allow spammers to add themselves to our lists. The
cgi script that I'm using is well protected by pubcookie and ip
restriction to ensure that only authorized administrators can add new
addresses.
Thanks,
James Riendeau
MMI Computer Support Technician
Rm. 1541, Dept. of MedMicro
1550 Linden Drive
Madison, WI 53706-1521
Phone: (608) 262-3351
After-hours Phone: (608) 260-2696
Fax: (608) 262-8418
Email: jtrie...@wisc.edu
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
