
[leafnode-list] /var/spool/news/* permissions issue (more)



A little more background data on the intent is in order...

I am working on Leafwa (Leafnode Web Administrator) utilities that can be
used to manage local newsgroups.  We allow the creation/deletion of new
local groups via Leafwa, and further, allow an admin to delete messages
that have been previously posted.  Currently, I am completing a script to
allow an admin to move messages from one group to another with the option
of also being able to cross-post an article that was not originally
cross-posted.

Most of what I do can be done with the -rwxrwxr-x news news settings on 
the /var/spool/news/vcsd directory (top level local news).  The problems
with permissions come into play when working with the message.id file
tree and the groupinfo file.

At this point, since there is released software that resets file tree
permissions behind my back, I am pretty much forced to deal with it some
other way, but, I am curious about the rationale behind doing such a thing.
I presume that leafnode wants 100% control over those trees, so this is a
security measure of some sort.  Frankly, though, I would wonder why such
a "feature" was necessary.  If someone broke in and changed things, it 
would be too late to go and force permissions back... unless this was
a cheap way to guard against introduced bugs in the software.

This issue really complicates the development of Leafwa because it forces
upon us the need for a complex setup to get around such Draconian security.

I suppose I can run Leafwa as news, but, I was hoping to be able to just
authenticate users that belonged to the group news.  I can't really do 
this since group membership does not provide rights sufficient to 
chmod g+w the news file tree.

I was hoping to have debug and failsafe data thrown into the various 
directories where edits were made rather than have to create a separate
/var/spool/news/leafwa directory, for example, where I would have to maintain
a wholly separate file tree.  Conceptually, this kind of data could go to
/tmp also, but, this is also a lot less useful to the developer or to an
admin that may need this data.

If I need to be educated on the etiquette of how to use another app's
directories, please feel free to offer up some suggestions.

Other comments are welcomed also.

--- 
Kevin R. Bulgrien, Engineer
Mailto:kbulgrien@xxxxxxxx

Vertex RSI, A TriPoint Global Company         http://www.tripointglobal.com/
Controls & Structures Division 
1915 Harrison Road                                    Tel: 903-295-1480 x288
Longview, TX 75604-5438                               Fax: 903-295-1479
 
