Mark, Users was probably not the best term to use. I was speaking of nefarious bad-doers. I did not want to have anything internet facing that allowed for any type of administration. Your discussion was very helpful and I believe that I know how I am going to configure it, well, attempt to configure it.

Thanks,
Darich

On Nov 7, 2005, at 11:24 PM, Mark Sapiro wrote:

> Darich Runyan/OMNI INFOSEC HQ wrote:
>>
>> Is there a way to turn off the ability for users to create lists and
>> administer lists via the web interface while still allowing them to
>> use the web interface for subscribing?
>
> Creating a list from the web requires that the person doing the create
> know the site password or a special list creator password. There is no
> need for users or list admins to know these passwords, nor do you even
> have to have a list creator or even a site password if you don't want
> them. The list creator password only allows web based list creation.
> The site password allows web based list creation and full
> administration of all site lists.
>
> I'm confused by what you mean by user in this context. Do you mean list
> administrators who are users of your mailman installation or do you
> mean list members?
>
> List administration really requires the web interface as lists can't be
> effectively administered without it. There are two passwords involved.
> The optional moderator password allows access to the admindb interface
> only for dealing with various requests and held messages. The admin
> password allows access to all list administration functions. List
> members in general do not know these passwords.
>
> If you want to prohibit using the admin web interface, set up the list
> yourself and don't tell anyone the list password.
>
> If you want to limit the web admin interface to only certain functions,
> you can change the ADMIN_CATEGORIES list in mm_cfg.py. You can reorder
> the links at the top of the admin pages with this list, and you can
> delete any pages you don't want available. Note however that you can't
> really eliminate the General Options page because unrecognized pages
> always default to the General Options page whether or not it's in
> ADMIN_CATEGORIES.
>
> None of this affects access to the listinfo page and its subscribe and
> unsubscribe functions.
>
> Other than controlling passwords and using ADMIN_CATEGORIES as above,
> you'd have to modify the code in Mailman/Cgi/admin.py or other Cgi
> modules to change the way things work.
>
> But, the simple answer to your question if it means what it says on its
> face is don't tell them the list admin password, the list creator
> password if any and the site password if any.
>
> --
> Mark Sapiro <[EMAIL PROTECTED]>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>

---
Darich Runyan
President/Principal Consultant
Omni Infosec Ltd.
734 Thimble Shoals Blvd.
Newport News, VA 23606
757-876-3805
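
An added example, not part of the thread and not Mailman's own code: a small Python check of the two controls the quoted reply describes, trimming `ADMIN_CATEGORIES` (with the General Options fallback) and leaving the site and list creator passwords unset. The function names are hypothetical, and the category names and the `adm.pw` / `creator.pw` file names are assumed from Mailman 2.1 defaults.

```python
import os

# Category names from Mailman 2.1's Defaults.py (assumed; check your copy).
DEFAULT_ADMIN_CATEGORIES = [
    'general', 'passwords', 'language', 'members', 'nondigest', 'digest',
    'privacy', 'bounce', 'archive', 'gateway', 'autoreply',
    'contentfilter', 'topics',
]
# Mailman 2.1 default file names under its data directory (assumed).
PASSWORD_FILES = {'adm.pw': 'site', 'creator.pw': 'list creator'}


def trimmed_categories(keep):
    """Validate and return the list to assign to ADMIN_CATEGORIES."""
    unknown = [c for c in keep if c not in DEFAULT_ADMIN_CATEGORIES]
    if unknown:
        raise ValueError('not an admin category: ' + ', '.join(unknown))
    return list(keep)  # order is kept: it sets the order of the links


def page_served(requested, admin_categories):
    """Model of the fallback in the reply: a page missing from
    ADMIN_CATEGORIES is answered with General Options."""
    return requested if requested in admin_categories else 'general'


def passwords_set(data_dir):
    """Which site-wide web passwords exist (by password file)."""
    return sorted(label for name, label in PASSWORD_FILES.items()
                  if os.path.isfile(os.path.join(data_dir, name)))


def audit(data_dir, admin_categories):
    """Summarise what the admin web interface still exposes."""
    served = {page_served(c, admin_categories)
              for c in DEFAULT_ADMIN_CATEGORIES}
    return {
        'web_list_creation': bool(passwords_set(data_dir)),
        'passwords_set': passwords_set(data_dir),
        'pages_served': sorted(served),
    }


if __name__ == '__main__':
    # Constructed example: keep two pages; '.' stands in for the data dir.
    print(audit('.', trimmed_categories(['members', 'privacy'])))
```

The list returned by `trimmed_categories` is what would be assigned to `ADMIN_CATEGORIES` in mm_cfg.py; `pages_served` still contains `general` even when it is not in that list.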
