Discussion:
restricting list ownership
Erin Michaud
2014-04-29 18:46:23 UTC
Permalink
Hello,

I would like to make it so that current list owners cannot add owners that are outside our organization - i.e. list owners can only be added that have a "law.harvard.edu" email address. Have searched the archives here with no luck and would appreciate any nudges in the right direction. I have a working config that only allows list creation to certain members of our community via LDAP group membership, but need to make sure list ownership (even non-priv ownership) cannot get set to non-internal subscribers.



Thanks,

Erin Michaud

Linux Systems Administrator

Harvard Law School ITS
Steve Shipway
2014-04-30 04:06:42 UTC
Permalink
I don't believe there is any way to do this with an unmodified sympa; a privileged list owner is trusted to add whoever they want as owner or editor.

You might be able to set your authentication mechanism to prevent login by people outside your domain; of course, this would also prevent external people from being list editors or even members.

You could set list owners to unprivileged, which would mean they could not add any new owners or editors. Then only listmasters (who presumably can be trusted) would be able to do this on request.

You could make a periodic shell script job that searches the config files of all lists for external owners, and removes them from the config (and regenerates the bin file) if found; though this would leave them there for a short while.

Finally, you could modify the List.pm so that the list owner field has a regexp validation that enforces a regexp match of /.*law\.harvard\.edu$/ . This would work as you want, but would of course require code modification.

Steve

Steve Shipway
University of Auckland ITS
UNIX Systems Design Lead
s.shipway-1/***@public.gmane.org<mailto:s.shipway-1/***@public.gmane.org>
Ph: +64 9 373 7599 ext 86487

________________________________
From: sympa-users-request-***@public.gmane.org [sympa-users-request-wA9P2NSfqiVUUpeUK0L/***@public.gmane.orgater.fr] on behalf of Erin Michaud [emichaud-zZyc3Riw6ui+fmr0zi+***@public.gmane.org]
Sent: Wednesday, 30 April 2014 6:46 a.m.
To: sympa-users-***@public.gmane.org
Subject: [sympa-users] restricting list ownership


Hello,

I would like to make it so that current list owners cannot add owners that are outside our organization - i.e. list owners can only be added that have a "law.harvard.edu" email address. Have searched the archives here with no luck and would appreciate any nudges in the right direction. I have a working config that only allows list creation to certain members of our community via LDAP group membership, but need to make sure list ownership (even non-priv ownership) cannot get set to non-internal subscribers.



Thanks,

Erin Michaud

Linux Systems Administrator

Harvard Law School ITS

Continue reading on narkive:
Loading...