Peter Seibel wrote: > >Hmmm, it seems that chmod'ing data/aliases.db to 0660 does the trick-- >now I can create lists both from the command line as a member of the >mailman group and from the web. Is that the correct fix?
Yes, it is. The mail wrapper and the various cgi-bin wrappers are all SETGID mailman. This is the basis of Mailman's security. The wrappers test to see that they were invoked by the appropriate group (built in by configure), and run as group mailman. Thus files should usually be group mailman and have any requisite permissions at the group level as well as the owner. See <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq06.016.htp> for more detail on this. The real issue is bin/check_perms doesn't check aliases.db. This is a known problem; see <https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1204386&group_id=103>. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
