Darich Runyan/OMNI INFOSEC HQ wrote: > >Is there a way to turn off the ability for users to create list and >administer list via the web interface while still allowing them to >use the web interface for subscribing?
Creating a list from the web requires that the person doing the create know the site passord or a special list creator password. There is no need for users or list admins to know these passwords, nor do you even have to have a list creator or even a site password if you don't want them. The list creator password only allows web based list creation. The site password allows web based list creation and full administration of all site lists. I'm confused by what you mean by user in this context. Do you mean list administrators who are users of your mailman installation or do you mean list members? List administration really requires the web interface as lists can't be effectively administered without it. There are two passwords involved. The optional moderator password allows access to the admindb interface only for dealing with various requests and held messages. The admin password allows access to all list administration functions. List members in general do not know these passwords. If you want to prohibit using the admin web interface, set up the list yourself and don't tell anyone the list password. If you want to limit the web admin interface to only certain functions, you can change the ADMIN_CATEGORIES list in mm_cfg.py. You can reorder the links at the top of the admin pages with this list, and you can delete any pages you don't want available. Note however that you can't really eliminate the General Options page because unrecognized pages always default to the General Options page whether or not it's in ADMIN_CATEGORIES. None of this affects access to the listinfo page and its subscribe and unsubscribe functions. Other than controlling passwords and using ADMIN_CATEGORIES as above, you'd have to modify the code in Mailman/Cgi/admin.py or other Cgi modules to change the way things work. But, the simple answer to your question if it means what it says on its face is don't tell them the list admin password, the list creator password if any and the site password if any. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
