5 Sep 2003 10:57
Re: mailman and apache, straight from pkgsrc, not happy...
Manuel Bouyer <bouyer <at> antioche.lip6.fr>
2003-09-05 08:57:06 GMT
2003-09-05 08:57:06 GMT
On Thu, Sep 04, 2003 at 01:51:59PM -0700, Marshall Rose wrote:
> > You should have a mailman user/group, and /var/db/mailman should be
> > 775 mailman:mailman
>
> well, pkgsrc created the u/g entries, but /var/db/mailman was created
> root:staff by pkgsrc.
Strange, there is a OWN_DIRS_PERMS for it
>
> > You may want to tweak MAILMAN_MAILGROUP before compiling mailman.
> > However on my system I don't have problems with apache running www:www
> > I have a lot of scripts sgid mailman in /usr/pkg/lib/mailman, however.
>
> yeah, after playing with that for a while. i decided to run apache with
> u/g mailman:mailman...
From a security POW it may cause problems, espeically if local users are
allowed to run cgi, or php scripts.
--
Manuel Bouyer, LIP6, Universite Paris VI. Manuel.Bouyer <at> lip6.fr
NetBSD: 24 ans d'experience feront toujours la difference
--
RSS Feed