[Pkg-mailman-hackers] Bug#356877: mailman: private archive dir
permissions insecure
Thijs Kinkhorst
thijs at debian.org
Wed Aug 9 13:12:04 UTC 2006
Hello all,
I suggest the following solution:
chmod g=x,o= /var/lib/mailman/archives/private
chgrp www-data /var/lib/mailman/archives/private
Give group www-data, the standardised group the webserver runs at in
Debian, the right permissions on that dir and other none, and chgrp the
thing.
I think this is the common way to handle such a thing in web
applications currently in Debian, just like e.g. the attachments dir of
SquirrelMail.
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-mailman-hackers/attachments/20060809/a4f974d4/attachment.pgp
More information about the Pkg-mailman-hackers
mailing list