On Tue, 2005-07-12 at 19:20 -0400, Poster wrote:
> OK. If I'm following this correctly, Mailman is run as setgid Mailman,
> so whatever calls it acts as though it were in the Mailman group. To
> prevent abuse of this, Mailman allows only those who pass its security
> check to call it.
> 
> I'm running SUSE, which uses a mailman-cgi-gid file, instead of
> compiling this option into Mailman itself. If I've got this right,
> Mailman compares this file with the GID of the process calling it. If
> they match, then the process goes ahead.
> 
> My mailman-cgi-gid file contains one number -- 8, which is the user
> "nobody". In order to prevent Mailman from crashing with horrendous
> permissions problems on locks and such, I had to change many files to
> be owned by nobody.

I can't speak for SuSE, but I think your mailman-cgi-gid file should
have been modified to have the uid that apache (or whatever httpd server
you're running) runs as. You shouldn't need to modify the
owner/group/permissions of any of the mailman files (or any other
files). But like I said, I'm not a SuSE expert; they may have done
something different, but my expectation is they replaced the configure
option --with-cgi-gid with a file read of mailman-cgi-gid so it's not
hardcoded into the wrapper.

> I suppose that nobody doesn't have to be part of the mailman group,
> and that's where I went off the path?

Yes, I believe that would be a mistake and you may need to go back and
undo those file changes :-(

mailman_install_dir/bin/fix_perms might be helpful, the -f option will
"fix" the files.


-- 
John Dennis <[EMAIL PROTECTED]>
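
An added illustration (not part of this thread, and not Mailman's or SUSE's actual wrapper source) of the check discussed above: a setgid wrapper compares the caller's real GID with the single number stored in a file such as mailman-cgi-gid, and refuses on a mismatch or an unparsable value. The function names and the sample file content are assumptions made for the example.

```c
/* Added illustration of a wrapper-style GID gate; hypothetical names. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Parse the single decimal GID a file such as mailman-cgi-gid holds.
   Returns 0 on success, -1 on empty, non-numeric, negative or
   out-of-range input, so a damaged file never authorizes anyone. */
int parse_gid_text(const char *text, gid_t *out)
{
    char *end;
    long long v;

    errno = 0;
    v = strtoll(text, &end, 10);
    if (end == text || errno == ERANGE || v < 0 || v > 0x7fffffffLL)
        return -1;
    while (*end == ' ' || *end == '\t' || *end == '\n' || *end == '\r')
        end++;
    if (*end != '\0')           /* trailing text such as "8 nobody" */
        return -1;
    *out = (gid_t)v;
    return 0;
}

/* The gate: 1 only when the caller's real GID equals the configured one. */
int caller_allowed(gid_t caller_gid, const char *gid_file_text)
{
    gid_t expected;

    if (parse_gid_text(gid_file_text, &expected) != 0)
        return 0;               /* fail closed */
    return caller_gid == expected;
}

int main(void)
{
    /* Constructed sample: file content "8\n", as in the message above. */
    const char *sample = "8\n";
    gid_t me = getgid();        /* real GID, inherited from the calling httpd */

    printf("caller gid %ld: %s\n", (long)me,
           caller_allowed(me, sample) ? "allowed" : "refused");
    return 0;
}
```

Because a setgid binary changes only the effective GID, getgid() still reports the group of the process that launched it, which is why the stored number has to match the web server's group rather than the group that owns the Mailman files.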

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users