netbsd-users: Re: mailman and apache, straight from pkgsrc, not happy...

Subject: Re: mailman and apache, straight from pkgsrc, not happy...
To: Marshall Rose <mrose@dbc.mtview.ca.us>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-users
Date: 09/05/2003 10:57:06

On Thu, Sep 04, 2003 at 01:51:59PM -0700, Marshall Rose wrote:
> > You should have a mailman user/group, and /var/db/mailman should be
> > 775 mailman:mailman
>     
> well, pkgsrc created the u/g entries, but /var/db/mailman was created
> root:staff by pkgsrc.

Strange, there is a OWN_DIRS_PERMS for it

>     
> > You may want to tweak MAILMAN_MAILGROUP before compiling mailman.
> > However on my system I don't have problems with apache running www:www
> > I have a lot of scripts sgid mailman in /usr/pkg/lib/mailman, however.
> 
> yeah, after playing with that for a while. i decided to run apache with
> u/g mailman:mailman...

From a security POW it may cause problems, espeically if local users are
allowed to run cgi, or php scripts.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
     NetBSD: 24 ans d'experience feront toujours la difference
--