My company is running and testing Mailman to replace majordomo (finally)
in a FreeBSD environment. From the README.BSD file I see that it is
possible to io install without turning on the setgid bit on directories.
However, even with a 'make DIRSETGID=: install' a number of executable
files are installed with the setgid bit. The fact that these same files,
as well as pretty much everything else in the mailman directory, are set
to allow world read and execute makes us very nervous, especially since
this is a shared environment. Are we missing something or is this not a
recipe for anyone being able to run these commands?
I realize that most things are password protected as well and it appears
only the cgi-files are setgid, but we were toying with this idea and were
wondering how bad of an idea it is.
chmod -R go-rwxs /u/mailman
chmod 4550 /u/mailman/cgi-bin/*
chown -R mailman:webgroup /u/mailman/cgi-bin
chmod 750 /u/mailman/cgi-bin
chmod 644 /u/mailman/data/*
chmod 711 /u/mailman
chmod 711 /u/mailman/data/
We also did this, but are not sure they are necessary:
chmod 711 /u/mailman/mail
chmod 711 /u/mailman/mail/mailman
We figure we would rather have the web server running these scripts as
mailman instead of allowing anyone to execute all of these scripts.
After we made these changes in the test environment everything seems to be
functioning normal from the outside perspective.
If this is a horrible idea, why? And if this is highly discouraged, has
anyone else done anything to limit permissions further from the default
install to disallow prying eyes and curios fingers?
Matthew Ruzicka - Systems Administrator
Front Range Internet, Inc.
matt at frii.net - (970) 212-0728
Got SPAM? Take back your email with MailArmory. http://www.MailArmory.com