From: Gerald Davies (gerald.daviesgmail.com)
Date: Fri Jan 28 2005 - 05:10:52 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 27 Jan 2005 21:05:31 -0600, Dustin Boontheekul
<bsdusermath.okstate.edu> wrote:
> Perfectly reasonable question.
>
> 1. Limited exposure. Ports 8080 and 8443 are supposed to be limited to
> a few subnets as opposed to the whole world.
> 2. Permissions. Maybe Apache can do this and I just don't know how to
> configure it, but the Apache daemon running for my normal webstuff runs
> as a different user and group than the one serving Mailman. Mailman is
> real picky about permissions and this helped a lot.
> 3. Separation. The other web stuff is up and running and doing it's own
> thing. I was having to bring Mailman up on an already loaded server.
> Lots of users 24/7--so having them separate helps me out in bringing up
> and down services. Also, the Mailman setup can run without any modules
> loaded. My other web setup runs with PHP.
>

Since mailman was to be the only thing running on the web server I
installed, I've simply just disabled the chroot on apache. This will
possibly come back and bite me, but for now it will do. I'll have a
deeper look when I'm more familiar with things. Everything works now
:)

If anyone has any other ideas then feel free to contribute. I'm
surprised the port maintainers haven't seen this coming (?). Do they
know about it?

Cheers,

g

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]