I submitted an issue to mailman-web summarizing this conversation, and suggesting documentation as a short-term approach.
https://gitlab.com/mailman/mailman-web/issues/3
Abhilash Raj writes:
On Mon, Sep 23, 2019, at 3:02 AM, Tobias Hachmer via Mailman-users wrote:
# chown -R nginx:mailman3 /opt/mailman3/web
This works for all. But isn't it a security risk that e.g. manage.py and settings.py is read- and writeable by the webserver?
You just need them to be readable, not writable. You could possibly use xattrs to do just grant read privs.
etc.
Steve
-- Associate Professor Division of Policy and Planning Science http://turnbull.sk.tsukuba.ac.jp/ Faculty of Systems and Information Email: turnbull@sk.tsukuba.ac.jp University of Tsukuba Tel: 029-853-5175 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN