Great Circle Associates Majordomo-Users
(May 1995)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: listname.passwd
From: dwolfe @ risc . sps . mot . com (Dave Wolfe)
Date: Thu, 18 May 1995 09:44:05 -0500 (CDT)
To: uunet!dl.ac.uk!J.F.L.Hopkinson
Cc: majordomo-users @ greatcircle . com (Majordomo user's mailing list), majordomo-workers @ greatcircle . com (Majordomo developer's mailing list)
In-reply-to: <199505181203.NAA24252@mserv1.dl.ac.uk> from "dl.ac.uk!J.F.L.Hopkinson" at May 18, 95 01:03:29 pm
Reply-to: David Wolfe <david_wolfe @ risc . sps . mot . com>

[ replied and copied to majordomo-users and majordomo-workers ]

[ uunet!dl.ac.uk!J.F.L.Hopkinson writes: ]
> 
> "John P. Rouillard" <rouilj@cs.umb.edu> writes:
> 
> > ...
> > The way I set it up is with three passwords:
> >
> >        2) A password for list maintainance issues. This is set with
> >		the admin_password keyword in the per list config
> >		file. 
> >		...   		As has been
> >		mentioned before this password can be kept in the
> >		.majordomo file for automatic use by the approve
> >		script.
> >
> >        3) A password for list submission functions (approving bounced
> >		messages). This is set in the per list config file
> >		with the approve_password keyword. This can also be
> >		put in a .majordomo file for use by approve.
> >
> 	
> If 2 and 3 both exist, how do you distinguish them in  ~/.majordomo ?

I think I've got this right, but Messrs. Rouillard, Chapman, or Barr
would, of course, be the ultimate authority...

#2 (list.config admin_passwd) is the 1st choice and #1 (list.passwd
file) is the 2nd choice for the majordomo script. #3 (list.config
approve_passwd) is the 1st choice for resend, with #2 being 2nd choice
and #1 3rd. IOW:

    majordomo:	#2 #1
    resend:	#3 #2 #1

What bothers me is that knowing admin_passwd (#2) allows one to change
list.passwd (#1), which I thought was supposed to be the overriding
authority. Thus anyone given the admin_passwd to approve subscribers (*)
can change the list.passwd as well as the passwords in the list.config
file, effectively removing the overseer-of-all-lists control of that
list. Or am I misreading the source?

If not, then &do_passwd needs to be changed to allow only list.passwd to
change list.passwd.


(*) Each list owner here controls who can subscribe to his closed
list rather than the majordomo-sitter acting as the administrative
bottle-neck.

-- 
 Dave Wolfe    *Not a spokesman for Motorola*  (512) 891-3246
 Motorola MMTG  6501 Wm. Cannon Dr. W. OE112  Austin  TX  78735-8598


References:
Indexed By Date Previous: Re: listname.passwd
From: J.F.L.Hopkinson@dl.ac.uk
Next: Re: listname.passwd
From: "John P. Rouillard" <rouilj@cs.umb.edu>
Indexed By Thread Previous: Re: listname.passwd
From: J.F.L.Hopkinson@dl.ac.uk
Next: Re: listname.passwd
From: "John P. Rouillard" <rouilj@cs.umb.edu>

Google
 
Search Internet Search www.greatcircle.com