[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] /var/spool/news/* permissions issue (more)

"Bulgrien, Kevin" <Kevin.Bulgrien@xxxxxxxxxxxxxxxxxx> writes:

> I am working on Leafwa (Leafnode Web Administrator) utilities that can be
> used to manage local newsgroups.  We allow the creation/deletion of new
> local groups via Leafwa, and further, allow an admin to delete messages
> that have been previously posted.  Currently, I am completing a script to
> allow an admin to move messages from one group to another with the option
> of also being able to cross-post an article that was not originally
> cross-posted.

Bad idea, that article can be forwarded by news, but anyhow, your point
is valid, the permissions should only be tampered with at the very first

> At this point, since there is released software that resets file tree
> permissions behind my back, I am pretty much forced to deal with it some
> other way, but, I am curious about the rationale behind doing such a
> thing.

You know "Programming Perl"? Read the chapter on efficiency, it has a
section on programmer efficiency. That's what it has been: my
convenience. I never bothered considering that behaviour, because
basically, the tree is leafnode's, but still, your point holds.

> I suppose I can run Leafwa as news, but, I was hoping to be able to just
> authenticate users that belonged to the group news.  I can't really do 
> this since group membership does not provide rights sufficient to 
> chmod g+w the news file tree.

Evidently not. I will change leafnode to only refuse to work if any of
these directories are world writable and let the user fix that instead.

> I was hoping to have debug and failsafe data thrown into the various 
> directories where edits were made rather than have to create a separate
> /var/spool/news/leafwa directory, for example, where I would have to
> maintain
> a wholly separate file tree.

If you need an own private directory for leafwa, go ahead, that's fine,
but please do use a dot in the file name, anywhere, like
/var/spool/news/leaf.wa or place your directory below
/var/spool/news/leaf.node. Upcoming changes to texpire might otherwise
wipe your directory. It's a trait of the newsgroup mapping that news
group directories will NEVER have a dot in their name, because that
newsgroup dot is converted to a slash, descending the directory
structure. So if you want something that texpire will not ever touch,
use a dot.

> Conceptually, this kind of data could go to /tmp also, but, this is
> also a lot less useful to the developer or to an admin that may need
> this data.

Don't use /tmp unless you want to go lengths to evade race attacks.

> If I need to be educated on the ettiquette of how to use another apps 
> directories, please feel free to offer up some suggestions.

No need to fear ettiquette violations. I just have to admit I never
tried leafwa.

Matthias Andree

GPG encrypted mail welcome, unless it's unsolicited commercial email.

leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list