The mailing list for listmasters using Sympa

[David Verdin <address@concealed>]

Hi John !

Actually, the family XML files are not the only one in etc/ that can be edited by Sympa. All the mail and web templates (those used as default for all the lists of a robot) can be edited by the sympa users as they can be modified through the web interface.

As we don't give write permission to the sympa user on the main config file, I fail to see the problem of them being in the same directory of data that can be changed by this user.

Regards,

David

Le 19/08/2010 22:28, John Bazik a écrit :

address@concealed">

I was trying out list families recently, and discovered that sympa
wants to write in /etc/sympa/families (or /home/sympa/etc/families,
as the docs say).  When I instantiate a family, sympa writes xml files
there.

Since that is a configuration directory, I set the permissions to
root-owned and read-only to sympa.  Since sympa must be run as user
sympa, and to make families work, I have to make that directory writable
by sympa.

That seems like a bad idea, security-wise.  Also, I set up my servers
as a failover pair, and do not share the /etc directory, since I
assumed it was read-only.  Wouldn't it make more sense to write those
files in expl?

I'm running 5.3.4, but I checked the latest (6.1b.4) release, and the
code in Family.pm is the same.

John
  

--
David Verdin
Comité réseau des universités

Due to the limitations of human brain, I fail to remember all the mails.
So if you want your bug reports or feature requests for Sympa to be processed, please post them to the Sympa tracker