Xiaoyan Ma wrote: > >Can someone tell us what the permissions and owners of the >following files need to be set to? > >- The CGI Script being called from the web
If your web server runs this as group 'mailman', that would probably suffice, but see below. >- newlist >- config_list > >Right now when we try and call newlist from the CGI script, we get a >permissions error. The scripts in the bin/ directory are not SETGID. This is intentional. You don't want anyone who happens to have shell access to your box to be able to create and configure lists. Thus the scripts have to be run by some user who can create and update files in the mailman hierarchy - the lists/ directory in particular in this case. Usually, this is root or the mailman user. If you make newlist and config_list SETGID, that might suffice, but I suggest you also remove the world r and x permissions. E.g. chmod 2750 newlist Then you still have the problem that you have to run the script as either the owner or group of the file, but you could change the owner to the user that the CGI script runs as. Alternatively, you could leave the bin/ scripts alone and make the CGI script group mailman and SETGID. Whatever you do, you'll probably wind up with a situation where you have to insure that no one who isn't authorized to update mailman has shell access to the box, unless you set the web server to run the CGI as group mailman. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp