Great Circle Associates Majordomo-Users
(February 1997)
 


Subject: Re: Does MJ support a 'master' list password?
From: Majordomo on www1 <major @ sunsite . cc . huji . ac . il>
Date: Tue, 25 Feb 1997 18:24:52 +0200 (GMT+0200)
To: Dave Wolfe <david_wolfe @ risc . sps . mot . com>
Cc: majordomo-users @ GreatCircle . COM
In-reply-to: <199702211754.LAA12380@miaow.risc.sps.mot.com>


Hi!
I would like all lists to have separate and independent
passwords set by the list-owners. In addition I would
like a 'superuser' password that will enable me to
edit lists without having to know their individual
passwords. Dave Wolfe suggested doing it with
hardlinks. I'm afraid this will cause all lists to
have the same password (the one in the MASTER.passwd file).
Is there another way to make majordomo check for
the list.passwd and if it doesn't match to check
the MASTER.passwd? My guess would be to add an
'or' statement somewhere in the majordomo file or such.
Does anyone have a solution?
Thanks Roy.



On Fri, 21 Feb 1997, Dave Wolfe wrote:

> [ Ten lines for the taboo word filter... ]
> 2
> 3
> 4
> 5
> 6
> 7
> 8
> 9
> [ Jim Reisert writes: ]
> > 
> > A list password seems to be in two places:
> > 
> > 	inside the <list>.konfig file in the lists directory
> > 	inside the <list>.passwd file in the lists directory
> > 
> > What I would like is for the list owners to be able to control their own 
> > passwords using the konfig file.  I would also like for *all* lists to have 
> > the same master password, so that the majordomo owner can make wholesale 
> > changes without having to know the individual lists passwords.
> > 
> > Is this possible?  What is the advantage of using a <list>.passwd file over 
> > specifying the password in the .konfig file?  Obviously list owners can not 
> > remotely administer the .konfig files, so they seem to me like they are of 
> > limited use by anyone except someone who has login access to the list server.
> 
> On the contrary, anyone who has the 'admin_passwd' can modify the
> .config file via 'newconfig', including changing the 'admin_passwd'. The
> <listname>.passwd file is an artifact and is deprecated, meaning it will
> go away in 2.x. But 2.x will have features such as a global password and
> much finer grained security overall.
> 
> I do exactly what you'd like to do. I created a MASTER.passwd file, set
> the master password in it, and changed its mode to 0440 (read-only by
> majordom and friends). For each list I hard-linked a <listname>.passwd
> file to MASTER.passwd. This set the master password for each list and
> disabled anyone, including the master password holder, from changing
> it via 'passwd' (since the file is read-only). The only way to change
> the master password is to log on to the Mj server as root and edit
> MASTER.passwd.
> 
> Having an unmodifiable <listname>.passwd also keeps anyone from creating
> one (via 'passwd') as a backdoor to a list and prevents list owners from
> falling into the trap of thinking that just because they changed their
> password via 'passwd' that the previous 'admin_passwd' is no longer
> valid.
> 
> -- 
> Dave Wolfe
> 
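
Added example, not part of the original messages and not Majordomo's own code: a shell check that the hard-link arrangement Dave Wolfe describes is still intact in a lists directory. The directory argument and the function names are assumptions; the file names (MASTER.passwd, <listname>.passwd, <listname>.config) and mode 0440 come from the thread.

```shell
#!/bin/sh
# Added example: audits the MASTER.passwd hard-link layout from the thread.
# Assumed: the lists directory is the argument, one <listname>.config per list.

# Print "<inode> <octal mode>" for a file (GNU stat first, then BSD stat).
inode_mode() {
    stat -c '%i %a' "$1" 2>/dev/null || stat -f '%i %Lp' "$1"
}

# audit_master_links DIR: one finding per line; returns 0 if clean, else 1.
audit_master_links() {
    dir=$1
    master="$dir/MASTER.passwd"
    rc=0
    [ -f "$master" ] || { echo "MISSING $master"; return 1; }
    set -- $(inode_mode "$master")
    m_inode=$1
    m_mode=$2
    if [ "$m_mode" != 440 ]; then
        echo "MODE $master is $m_mode, expected 440"
        rc=1
    fi
    for cfg in "$dir"/*.config; do
        [ -e "$cfg" ] || continue          # no lists: glob stayed literal
        pw="${cfg%.config}.passwd"
        if [ ! -e "$pw" ]; then
            # Per the thread, a missing file could be created via 'passwd'.
            echo "NOLINK $pw does not exist"
            rc=1
            continue
        fi
        set -- $(inode_mode "$pw")
        if [ "$1" != "$m_inode" ]; then
            # Same name, different inode: this list has its own password file.
            echo "DIVERGED $pw is not a hard link to MASTER.passwd"
            rc=1
        fi
    done
    return $rc
}

# Run stand-alone as: sh audit.sh /path/to/lists   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_master_links "$1"
fi
```

An editor that saves by renaming a new file into place gives MASTER.passwd a new inode, so the per-list links keep the old contents; the DIVERGED finding catches that case.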


