[Pkg-mailman-hackers] Bug#356877: mailman: private archive dir permissions insecure

Thijs Kinkhorst thijs at debian.org
Wed Aug 9 13:12:04 UTC 2006


Hello all,

I suggest the following solution:

	chmod g=x,o= /var/lib/mailman/archives/private
	chgrp www-data /var/lib/mailman/archives/private

Give group www-data, the standardised group the webserver runs at in
Debian, the right permissions on that dir and other none, and chgrp the
thing.

I think this is the common way to handle such a thing in web
applications currently in Debian, just like e.g. the attachments dir of
SquirrelMail.



Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-mailman-hackers/attachments/20060809/a4f974d4/attachment.pgp


More information about the Pkg-mailman-hackers mailing list