LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Topic: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Re: wa in UNIX
Douglas Palmer <[log in to unmask]>
Wed, 4 Feb 2004 16:52:21 -0500
text/plain (30 lines) 
At 03:02 PM 2/4/2004, Shinn Wu wrote:

> > I don't really understand the 'protection' of wa offers in UNIX.  I
> > install wa in /usr/local/apache/cgi-bin and the archives is under
> > /usr/local/apache/htdocs/archives.  All the archives can be accessed by
> > subscribers ONLY.  BUT, you can easily bypass the email/password if you
> > know (or guess) the name of ANY archive, e.g,
> >
> > http://www.anysite.com/archives/test.log0301
> >
> > or even better
> >
> > http://www.anysite.com/archive/test.html
> >
> > to search the whole list.  It didn't offer any .htaccess.  I must miss
> > something important, but I could not find it either in manual or LSTSRV-L.
> > Would someone shed a light or confirm that?  Thanks.

We change the permissions to 750 for all archive directories. wa has no
problem (no listserv process does), but the web user process has no access.

-- DCP


--
Douglas Palmer                  |
SystemsManager          |
225 Cadman Plaza East           | Email: [log in to unmask]
Brooklyn, New York 11201        | CCNP,USDC-EDNY

ATOM RSS1 RSS2